PatchSiren

pluck-cms CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW pluck-cms CVE published 2026-07-19

CVE-2026-16205

A weakness has been identified in Pluck CMS up to 4.7.21, affecting the function htmlspecialchars_decode of the file data/modules/albums/albums.admin.php of the component Albums Module. This vulnerability can lead to cross-site scripting. The CVE record was published on 2026-07-19T03:16:42.250Z and has not been modified since then. Users of Pluck CMS up to version 4.7.21 should be aware of this weakness a [truncated]