191 matches found
CVE-2024-30493 WordPress Church Admin plugin <= 4.1.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.7...
CVE-2024-30493 WordPress Church Admin plugin <= 4.1.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in andymoyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.7...
PT-2024-23419
Name of the Vulnerable Software and Affected Versions: Andy Moyle Church Admin versions n/a through 4.1.7. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application...
CVE-2024-30244
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andymoyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.0.27...
CVE-2024-30244 WordPress Church Admin plugin <= 4.0.27 - SQL Injection via shortcode vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andymoyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.0.27...
CVE-2024-30244
CVE-2024-30244 affects the WordPress plugin Church Admin (versions
CVE-2024-30244 WordPress Church Admin plugin <= 4.0.27 - SQL Injection via shortcode vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andymoyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.0.27...
WordPress Church Admin Plugin <= 4.1.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.1.7; Fixed in: 4.1.8; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-30493; Patch priority: Low; CVSS severity: Low (4.3); Developer: Andy Moyle; PSID: 730279774aaf; Credits: Peng Zhou; Required privileg...
CVE-2024-30197
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andymoyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.0.26...
CVE-2024-30193
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andymoyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.17...
CVE-2024-30193
CVE-2024-30193 concerns the WordPress plugin Church Admin by Andy Moyle. Connected documents confirm a Stored XSS vulnerability in Church Admin, described as Improper Neutralization of Input During Web Page Generation, enabling XSS via meta-text/shortcode vectors. Affected software: Church Admin
CVE-2024-30197
CVE-2024-30197 corresponds to an authenticated Stored XSS in the WordPress plugin Church Admin. According to the entry, Church Admin versions up to 4.0.26 are affected and allow stored XSS via shortcode due to improper input neutralization during web page generation. The vulnerability impact is c...
WordPress Church Admin Plugin <= 4.0.27 is vulnerable to SQL Injection
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.0.27; Fixed in: 4.0.28; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30244; Patch priority: Medium; CVSS severity: Medium (8.5); Developer: Andy Moyle; PSID: f10836385922; Credits: LVT-tholv2k; Required privilege: Contributor...
VulnCheck KEV: CVE-2024-30244
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andymoyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.0.27...
WordPress Church Admin Plugin <= 4.0.26 is vulnerable to Cross Site Scripting (XSS)
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.0.26; Fixed in: 4.0.27; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30197; Patch priority: Low; CVSS severity: Low (6.5); Developer: Andy Moyle; PSID: a171cb3adf3a; Credits: LVT-tholv2k; Required privilege: Contributor...
CVE-2024-24702
Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict. This issue affects Page Restrict: from n/a through 2.5.5...
CVE-2024-24702
CVE-2024-24702 is a CSRF vulnerability in the WordPress plugin Page Restrict (versions up to and including 2.5.5). The issue allows an attacker to perform unintended actions on behalf of an authenticated user via a CSRF vector, with CVSSv3.1 base metrics indicating a HIGH impact on confidentialit...
CVE-2023-38515
Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 3.7.56...
CVE-2023-38515 WordPress Church Admin Plugin <= 3.7.56 is vulnerable to Server Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 3.7.56...