LOW
pluck-cms
CVE published 2026-07-19
CVE-2026-16205
A weakness has been identified in Pluck CMS up to 4.7.21, affecting the function htmlspecialchars_decode of the file data/modules/albums/albums.admin.php of the component Albums Module. This vulnerability can lead to cross-site scripting. The CVE record was published on 2026-07-19T03:16:42.250Z and has not been modified since then. Users of Pluck CMS up to version 4.7.21 should be aware of this weakness a [truncated]