20 matches found
CVE-2025-39553 WordPress Church Admin plugin <= 5.0.9 - Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in andymoyle Church Admin. This issue affects Church Admin: from n/a through 5.0.9...
CVE-2025-39553 WordPress Church Admin plugin <= 5.0.9 - Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 5.0.9...
WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by D01EXPLOIT in WordPress Plugin Church Admin versions = 5.0.26...
CVE-2025-57896 WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability
Missing Authorization vulnerability in andymoyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 5.0.26...
WordPress Church Admin Plugin <= 4.4.6 is vulnerable to Arbitrary File Upload
Software Church Admin Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-37418 Patch priority High CVSS severity High 9.9 Developer Andy Moyle PSID 3fae9e77c92b Credits Peng Zhou Required privilege Subscriber Publish...
WordPress Church Admin Plugin <= 4.4.4 is vulnerable to Broken Access Control
Software Church Admin Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37440 Patch priority Low CVSS severity Low 4.3 Developer Andy Moyle PSID 7a86d2a04714 Credits Ngô Thiên An ancorn from VNPT-VCI...
WordPress Church Admin Plugin <= 4.4.4 is vulnerable to Cross Site Scripting (XSS)
Software Church Admin Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35764 Patch priority Low CVSS severity Low 6.5 Developer Andy Moyle PSID ef4f8b581e9b Credits Ngô Thiên An ancorn from VNPT-VCI Required...
CVE-2024-31281 WordPress Church Admin plugin <= 4.1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.1.6...
WordPress Church Admin Plugin <= 4.1.32 is vulnerable to Cross Site Request Forgery (CSRF)
Software Church Admin Type Plugin Vulnerable versions = 4.1.32 Fixed in 4.2.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-34828 Patch priority Low CVSS severity Low 4.3 Developer Andy Moyle PSID 2d0beb058c1b Credits Dhabaleshwar Das Required...
WordPress Church Admin Plugin <= 4.0.27 is vulnerable to Cross Site Request Forgery (CSRF)
Software Church Admin Type Plugin Vulnerable versions = 4.0.27 Fixed in 4.0.28 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32090 Patch priority Low CVSS severity Low 4.3 Developer Andy Moyle PSID 74fcfce5e41d Credits Dhabaleshwar Das Required...
WordPress Church Admin Plugin <= 4.1.6 is vulnerable to Broken Access Control
Software Church Admin Type Plugin Vulnerable versions = 4.1.6 Fixed in 4.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31281 Patch priority Medium CVSS severity Medium 6.3 Developer Andy Moyle PSID 45a702e240da Credits Peng Zhou Required privilege...
WordPress Church Admin Plugin <= 4.1.5 is vulnerable to Arbitrary File Upload
Software Church Admin Type Plugin Vulnerable versions = 4.1.5 Fixed in 4.1.6 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-31280 Patch priority High CVSS severity High 9.9 Developer Andy Moyle PSID edcb8443de34 Credits Peng Zhou Required privilege Subscriber Publish...
WordPress Church Admin Plugin <= 4.1.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Church Admin Type Plugin Vulnerable versions = 4.1.7 Fixed in 4.1.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30493 Patch priority Low CVSS severity Low 4.3 Developer Andy Moyle PSID 730279774aaf Credits Peng Zhou Required privileg...
WordPress Church Admin Plugin <= 4.1.18 is vulnerable to Broken Access Control
Software Church Admin Type Plugin Vulnerable versions = 4.1.18 Fixed in 4.1.19 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30505 Patch priority Medium CVSS severity Medium 5.4 Developer Andy Moyle PSID 4be0d3ba3cb9 Credits CatFather Required privilege...
WordPress Church Admin Plugin <= 4.0.27 is vulnerable to SQL Injection
Software Church Admin Type Plugin Vulnerable versions = 4.0.27 Fixed in 4.0.28 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30244 Patch priority Medium CVSS severity Medium 8.5 Developer Andy Moyle PSID f10836385922 Credits LVT-tholv2k Required privilege Contributor...
WordPress Church Admin Plugin <= 4.1.17 is vulnerable to Cross Site Scripting (XSS)
Software Church Admin Type Plugin Vulnerable versions = 4.1.17 Fixed in 4.1.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-30193 Patch priority Low CVSS severity Low 6.5 Developer Andy Moyle PSID 239d5fd65793 Credits CatFather Required privilege...
WordPress Church Admin Plugin <= 4.0.26 is vulnerable to Cross Site Scripting (XSS)
Software Church Admin Type Plugin Vulnerable versions = 4.0.26 Fixed in 4.0.27 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30197 Patch priority Low CVSS severity Low 6.5 Developer Andy Moyle PSID a171cb3adf3a Credits LVT-tholv2k Required privilege Contributor...
WordPress Church Admin Plugin <= 3.7.56 is vulnerable to Server Side Request Forgery (SSRF)
Software Church Admin Type Plugin Vulnerable versions = 3.7.56 Fixed in 3.8.0 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2023-38515 Patch priority Low CVSS severity Low 5.5 Developer Andy Moyle PSID 208cb17a34bd Credits Yuchen Ji...
WordPress Church Admin Plugin <= 3.7.29 is vulnerable to Cross Site Scripting (XSS)
Software Church Admin Type Plugin Vulnerable versions = 3.7.29 Fixed in 3.7.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34021 Patch priority Medium CVSS severity Medium 7.1 Developer Andy Moyle PSID 57d5d23230bd Credits Phd Required privilege...
WordPress Church Admin Plugin <= 3.7.5 is vulnerable to Cross Site Scripting (XSS)
Software Church Admin Type Plugin Vulnerable versions = 3.7.5 Fixed in 3.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30782 Patch priority Medium CVSS severity Medium 7.1 Developer Andy Moyle PSID 7ffc0d962f6f Credits Le Ngoc Anh Required...