cpe:/a:pluck-cms:pluck:4.7 CVE-2012-1227 2012-02-21T08:31:47.860-05:00 2012-02-24T00:00:00.000-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-02-21T13:12:00.000-05:00 EXPLOIT-DB 18474 SECUNIA 47934 OSVDB 79005 Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module.