4 matches found
EUVD-2026-29884
ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...
ChurchCRM 授权问题漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions 7.2.0 to 7.2.2 of ChurchCRM have vulnerabilities related to authorization. These vulnerabilities stem from incomplete fixes to the CVE-2026-4058 vulnerability, which may allow attackers to exploit the PoC Proof of Concept...
PT-2026-40463
ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...
PT-2026-40554
Name of the Vulnerable Software and Affected Versions User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration versions prior to 4.3.3 Description The plugin is subject to unauthorized data modification because the user subscription cancel function lacks...