CVE-2012-1227

medium

Published 2012-02-21 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/47934

Application impact

Vendor	Product	Versions	Fixed
pluck-cms	pluck	`4.7`

References

http://osvdb.org/79005
http://secunia.com/advisories/47934
http://www.exploit-db.com/exploits/18474
http://osvdb.org/79005
http://secunia.com/advisories/47934
http://www.exploit-db.com/exploits/18474

CWEs

CWE-352

Verify integrity in audit chain (admin only). AS-IS.