CVE-2026-31205

Published: Mag 04, 2026 Last Modified: Mag 04, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,7

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: high

User Interaction: required

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function

https://github.com/pluck-cms/pluck/blob/main/data/inc/editp…

https://github.com/pluck-cms/pluck/blob/main/data/inc/editpage.php

https://github.com/pluck-cms/pluck/blob/main/data/inc/funct…

https://github.com/pluck-cms/pluck/blob/main/data/inc/functions.all.php#L207

https://github.com/pluck-cms/pluck/issues/141

https://medium.com/@nakah_/pluck-cms-stored-xss-in-page-edi…

https://medium.com/@nakah_/pluck-cms-stored-xss-in-page-editor-cve-2026-31205-3…

CVE-2026-31205

Description

Iscriviti alla newsletter