Remote Code Execution Vulnerability in Pluck 4.7.16 via Theme Upload Functionality

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.

Learn more about our User Device Pen Test.