2 matches found
CVE-2022-0833 Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure
The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file...
CVE-2022-0833
CVE-2022-0833 – WordPress Church Admin plugin prior to 3.4.135 is vulnerable due to missing authorization and CSRF protections on certain actions and files. An unauthenticated attacker can repeatedly call the public- facing and requested actions (notably the “refresh-backup” action) and access a ...