CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

263 matches found

RedhatCVE•added 2026/01/18 4:21 a.m.•3 views

CVE-2026-0682

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS5.8AI score0.00053EPSS

Exploits0References1

NVD•added 2026/01/17 4:16 a.m.•2 views

CVE-2026-0682

2.2CVSS0.00053EPSS

Exploits0References6

ATTACKERKB•added 2026/01/17 3:24 a.m.•2 views

CVE-2026-0682

2.2CVSS5.6AI score0.00053EPSS

Exploits0References7

CVE•added 2026/01/17 3:24 a.m.•6 views

CVE-2026-0682

The CVE-2026-0682 entry describes an authenticated Administrator+ SSRF against WordPress Church Admin plugin (versions up to 5.0.28) due to insufficient validation of the audio_url parameter. An attacker could cause the web app to issue requests to internal services, enabling querying/modificatio...

2.2CVSS5.4AI score0.00053EPSS

Exploits0References6

Vulnrichment•added 2026/01/17 3:24 a.m.•2 views

CVE-2026-0682 Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter

2.2CVSS5.7AI score0.00053EPSS

Exploits0References6

Cvelist•added 2026/01/17 3:24 a.m.•21 views

CVE-2026-0682 Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter

2.2CVSS0.00053EPSS

Exploits0References6

EUVD•added 2026/01/17 3:24 a.m.•4 views

EUVD-2026-3155

2.2CVSS5.3AI score0.00053EPSS

Exploits0References7

CNNVD•added 2026/01/17 12:0 a.m.•1 views

WordPress plugin Church Admin code vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

2.2CVSS5.9AI score0.00053EPSS

Exploits0References7

Positive Technologies•added 2026/01/17 12:0 a.m.•4 views

PT-2026-3344

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio url' parameter. This makes it possible for authenticated attackers, with Administrator-level access, t...

2.2CVSS5.8AI score0.00053EPSS

Exploits0References7

Patchstack•added 2026/01/16 11:42 p.m.•5 views

WordPress Church Admin plugin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter vulnerability

Authenticated Administrator+ Blind Server-Side Request Forgery via 'audiourl' Parameter vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Church Admin versions = 5.0.28...

2.2CVSS7.1AI score0.00053EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/09 9:6 a.m.•4 views

CVE-2024-34828

Cross-Site Request Forgery CSRF vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.1.32...

4.3CVSS5.9AI score0.00121EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-13508

Malware in sbrugna...

8.8CVSS8.8AI score0.00092EPSS

Exploits0References2