268 matches found
CVE-2026-58411
ChurchCRM (open-source church management system) Vulnerability: Prior to version 7.4.0, a Reflected XSS was identified due to insufficient output encoding of user-controlled request parameter names and values. The application reflects attacker-controlled input into JavaScript string contexts and ...
CVE-2026-61983
Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...
CVE-2026-61983 WordPress Church Admin plugin <= 5.0.30 - Broken Access Control vulnerability
Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...
CVE-2026-61983
The CVE-2026-61983 entry concerns a Missing Authorization vulnerability in the WordPress plugin Church Admin (vendor: andy_moyle) affecting church-admin up to version 5.0.30. The issue arises from an incorrectly configured access control security level, enabling unauthorized access due to lack of...
CVE-2026-61983
Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...
CVE-2026-0682
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...
CVE-2026-0682
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...
CVE-2026-0682 Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...
EUVD-2026-3155
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...
CVE-2026-0682
The CVE-2026-0682 entry describes an authenticated Administrator+ SSRF against WordPress Church Admin plugin (versions up to 5.0.28) due to insufficient validation of the audio_url parameter. An attacker could cause the web app to issue requests to internal services, enabling querying/modificatio...
CVE-2026-0682 Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...
CVE-2026-0682
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...
WordPress plugin Church Admin code vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-3344
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio url' parameter. This makes it possible for authenticated attackers, with Administrator-level access, t...
WordPress Church Admin plugin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter vulnerability
Authenticated Administrator+ Blind Server-Side Request Forgery via 'audiourl' Parameter vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Church Admin versions = 5.0.28...
CVE-2024-34828
Cross-Site Request Forgery CSRF vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.1.32...
EUVD-2018-13508
Malware in sbrugna...
EUVD-2025-25519
Malicious code in bioql PyPI...
EUVD-2024-36649
Malicious code in bioql PyPI...
EUVD-2024-29176
Malicious code in bioql PyPI...