Pluck CMS version 4.7.2 suffers from a directory traversal vulnerability.