pluck-cms / pluck

Central repo for pluck cms

Home Page: http://www.pluck-cms.org


[vulnerability] xss or other vulns

LLfam opened this issue · comments

commented

Hi! I think the regexp in the function latinOnlyInput is incorrect. So I found an XSS in /data/inc/images.php line 42, and I think this problem may lead to other vulnerabilities.
In a regexp, brackets have special meanings. [blank]-[underline] means blank to underline in ASCII.

[Screenshot 2019-07-17 at 19:15:35]

I ran it through the validator and you are correct. There is one character missing in the regexp. It should be: [^a-zA-Z0-9.\ \-_]+ (notice the \ before the -)

[Screenshot 2019-07-17 at 19:17:40]

I drafted a new dev release. Can you test this please? If correct I can push to production.

https://github.com/pluck-cms/pluck/releases/tag/4.7.9-dev4
pluck-4.7.9-dev4.tar.gz

commented

Be careful in coding xD. If I find other vulns, I will tell you immediately.

Thank you. I pushed it to production. All admins will get a notification to update when they log on.