Lucene search
K

268 matches found

CVE
CVE
added 2 days ago5 views

CVE-2026-58411

ChurchCRM (open-source church management system) Vulnerability: Prior to version 7.4.0, a Reflected XSS was identified due to insufficient output encoding of user-controlled request parameter names and values. The application reflects attacker-controlled input into JavaScript string contexts and ...

7CVSS6.1AI score0.00347EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-61983

Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...

5.3CVSS0.00176EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-61983 WordPress Church Admin plugin <= 5.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...

5.3CVSS0.00176EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-61983

The CVE-2026-61983 entry concerns a Missing Authorization vulnerability in the WordPress plugin Church Admin (vendor: andy_moyle) affecting church-admin up to version 5.0.30. The issue arises from an incorrectly configured access control security level, enabling unauthorized access due to lack of...

5.3CVSS6.1AI score0.00176EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-61983

Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...

5.3CVSS6.1AI score0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/18 4:21 a.m.16 views

CVE-2026-0682

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS5.8AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/01/17 4:16 a.m.7 views

CVE-2026-0682

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS0.00245EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/01/17 3:24 a.m.3 views

CVE-2026-0682 Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS5.7AI score0.00245EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/17 3:24 a.m.10 views

EUVD-2026-3155

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS5.3AI score0.00245EPSS
Exploits0References7
CVE
CVE
added 2026/01/17 3:24 a.m.21 views

CVE-2026-0682

The CVE-2026-0682 entry describes an authenticated Administrator+ SSRF against WordPress Church Admin plugin (versions up to 5.0.28) due to insufficient validation of the audio_url parameter. An attacker could cause the web app to issue requests to internal services, enabling querying/modificatio...

2.2CVSS5.4AI score0.00245EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/17 3:24 a.m.28 views

CVE-2026-0682 Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS0.00245EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/01/17 3:24 a.m.4 views

CVE-2026-0682

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS5.6AI score0.00245EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/17 12:0 a.m.9 views

WordPress plugin Church Admin code vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

2.2CVSS5.9AI score0.00245EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.12 views

PT-2026-3344

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio url' parameter. This makes it possible for authenticated attackers, with Administrator-level access, t...

2.2CVSS5.8AI score0.00245EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/01/16 11:42 p.m.9 views

WordPress Church Admin plugin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter vulnerability

Authenticated Administrator+ Blind Server-Side Request Forgery via 'audiourl' Parameter vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Church Admin versions = 5.0.28...

2.2CVSS7.1AI score0.00245EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:6 a.m.7 views

CVE-2024-34828

Cross-Site Request Forgery CSRF vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.1.32...

4.3CVSS5.9AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-13508

Malware in sbrugna...

8.8CVSS8.8AI score0.00649EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25519

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-36649

Malicious code in bioql PyPI...

9.9CVSS6.6AI score0.00537EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-29176

Malicious code in bioql PyPI...

9.9CVSS8.8AI score0.00625EPSS
Exploits0References1
Rows per page
Query Builder