An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24740
Reference (s):
- https://github.com/pluck-cms/pluck/issues/81