CVE-2022-27432

HIGH

Pluck - CSRF

Title source: rule

Description

A Cross-Site Request Forgery (CSRF) vulnerability in Pluck CMS v4.7.15 allows attackers to change the password of any given user, leading to account takeover.

Exploits (1)

exploitdb WORKING POC
by Devansh Bordia · text · webapps · php
https://www.exploit-db.com/exploits/50831

Scores

CVSS v3 8.8
EPSS 0.0018
EPSS Percentile 39.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
pluck-cms/pluck 4.7.15
Published Mar 30, 2022
Tracked Since Feb 18, 2026