A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover.Referenceshttps://owasp.org/www-community/attacks/csrfhttps://www.exploit-db.com/exploits/50831
