Lucene search
+L

71 matches found

cvelist
cvelist
added 3 days ago29 views

CVE-2026-61983 WordPress Church Admin plugin <= 5.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...

5.3CVSS0.00176EPSS
Exploits0References1
nvd
nvd
added 2026/01/17 4:16 a.m.7 views

CVE-2026-0682

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS0.00245EPSS
Exploits0References6
cve
cve
added 2026/01/17 3:24 a.m.22 views

CVE-2026-0682

The CVE-2026-0682 entry describes an authenticated Administrator+ SSRF against WordPress Church Admin plugin (versions up to 5.0.28) due to insufficient validation of the audio_url parameter. An attacker could cause the web app to issue requests to internal services, enabling querying/modificatio...

2.2CVSS5.4AI score0.00245EPSS
Exploits0References6
euvd
euvd
added 2026/01/17 3:24 a.m.12 views

EUVD-2026-3155

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS5.3AI score0.00245EPSS
Exploits0References7
cvelist
cvelist
added 2026/01/17 3:24 a.m.28 views

CVE-2026-0682 Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS0.00245EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/01/17 3:24 a.m.4 views

CVE-2026-0682

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS5.6AI score0.00245EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/01/17 12:0 a.m.15 views

PT-2026-3344

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio url' parameter. This makes it possible for authenticated attackers, with Administrator-level access, t...

2.2CVSS5.8AI score0.00245EPSS
Exploits0References7
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-13508

Malware in sbrugna...

8.8CVSS8.8AI score0.00649EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-38145

Malicious code in bioql PyPI...

7.1CVSS6.9AI score0.00382EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/09 4:25 p.m.33 views

CVE-2025-39553 WordPress Church Admin plugin <= 5.0.9 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 5.0.9...

4.3CVSS0.00234EPSS
Exploits0References1
patchstack
patchstack
added 2025/08/22 1:56 p.m.7 views

WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by D01EXPLOIT in WordPress Plugin Church Admin versions = 5.0.26...

5.3CVSS6.7AI score0.00209EPSS
Exploits0Affected Software1
cvelist
cvelist
added 2025/08/22 12:0 p.m.12 views

CVE-2025-57896 WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability

Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.26...

5.3CVSS0.00209EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/08/22 12:0 p.m.2 views

CVE-2025-57896 WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability

Missing Authorization vulnerability in andymoyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 5.0.26...

5.3CVSS6.5AI score0.00209EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/08/22 12:0 a.m.4 views

WordPress plugin Church Admin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.5AI score0.00209EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/05/23 5:21 a.m.7 views

CVE-2023-34021

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Andy Moyle Church Admin plugin = 3.7.29 versions...

7.1CVSS5.8AI score0.00382EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 5:18 a.m.4 views

CVE-2023-30782

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Andy Moyle Church Admin plugin = 3.7.5 versions...

7.1CVSS5.8AI score0.00382EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 3:42 a.m.8 views

CVE-2018-20971

The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan...

8.8CVSS7.2AI score0.00649EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/04/16 12:44 p.m.7 views

CVE-2025-39555 WordPress Church Admin plugin <= 5.0.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in andymoyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 5.0.23...

6.5CVSS6.9AI score0.00308EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/03/26 2:40 p.m.4 views

CVE-2025-26941 WordPress Church Admin plugin <= 5.0.18 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in andymoyle Church Admin church-admin allows SQL Injection.This issue affects Church Admin: from n/a through = 5.0.18...

9.3CVSS5.6AI score0.00573EPSS
Exploits0References1
cvelist
cvelist
added 2025/03/26 2:40 p.m.17 views

CVE-2025-26941 WordPress Church Admin plugin <= 5.0.18 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in andymoyle Church Admin church-admin allows SQL Injection.This issue affects Church Admin: from n/a through = 5.0.18...

9.3CVSS0.00573EPSS
Exploits0References1
Rows per page
Query Builder