12 matches found
WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by D01EXPLOIT in WordPress Plugin Church Admin versions <= 5.0.26...
WordPress Church Admin Plugin <= 4.4.6 is vulnerable to Arbitrary File Upload
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.4.6; Fixed in: 4.4.7; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-37418; Patch priority: High; CVSS severity: High 9.9; Developer: Andy Moyle; PSID: 3fae9e77c92b; Credits: Peng Zhou; Required privilege: Subscriber; Publish...
WordPress Church Admin Plugin <= 4.4.4 is vulnerable to Broken Access Control
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.4.4; Fixed in: 4.4.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37440; Patch priority: Low; CVSS severity: Low 4.3; Developer: Andy Moyle; PSID: 7a86d2a04714; Credits: Ngô Thiên An ancorn from VNPT-VCI...
WordPress Church Admin Plugin <= 4.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.4.4; Fixed in: 4.4.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35764; Patch priority: Low; CVSS severity: Low 6.5; Developer: Andy Moyle; PSID: ef4f8b581e9b; Credits: Ngô Thiên An ancorn from VNPT-VCI; Required...
WordPress Church Admin Plugin <= 4.0.27 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.0.27; Fixed in: 4.0.28; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-32090; Patch priority: Low; CVSS severity: Low 4.3; Developer: Andy Moyle; PSID: 74fcfce5e41d; Credits: Dhabaleshwar Das; Required...
WordPress Church Admin Plugin <= 4.1.6 is vulnerable to Broken Access Control
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.1.6; Fixed in: 4.1.7; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-31281; Patch priority: Medium; CVSS severity: Medium 6.3; Developer: Andy Moyle; PSID: 45a702e240da; Credits: Peng Zhou; Required privilege...
WordPress Church Admin Plugin <= 4.1.5 is vulnerable to Arbitrary File Upload
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.1.5; Fixed in: 4.1.6; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-31280; Patch priority: High; CVSS severity: High 9.9; Developer: Andy Moyle; PSID: edcb8443de34; Credits: Peng Zhou; Required privilege: Subscriber; Publish...
WordPress Church Admin Plugin <= 4.0.27 is vulnerable to SQL Injection
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.0.27; Fixed in: 4.0.28; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30244; Patch priority: Medium; CVSS severity: Medium 8.5; Developer: Andy Moyle; PSID: f10836385922; Credits: LVT-tholv2k; Required privilege: Contributor...
WordPress Church Admin Plugin <= 4.0.26 is vulnerable to Cross Site Scripting (XSS)
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.0.26; Fixed in: 4.0.27; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30197; Patch priority: Low; CVSS severity: Low 6.5; Developer: Andy Moyle; PSID: a171cb3adf3a; Credits: LVT-tholv2k; Required privilege: Contributor...
WordPress Church Admin Plugin <= 3.7.56 is vulnerable to Server Side Request Forgery (SSRF)
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 3.7.56; Fixed in: 3.8.0; OWASP Top 10: A10: Server-Side Request Forgery (SSRF); Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-38515; Patch priority: Low; CVSS severity: Low 5.5; Developer: Andy Moyle; PSID: 208cb17a34bd; Credits: Yuchen Ji...
WordPress Church Admin Plugin <= 3.7.29 is vulnerable to Cross Site Scripting (XSS)
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 3.7.29; Fixed in: 3.7.30; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-34021; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Andy Moyle; PSID: 57d5d23230bd; Credits: Phd; Required privilege...
WordPress Church Admin Plugin <= 3.7.5 is vulnerable to Cross Site Scripting (XSS)
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 3.7.5; Fixed in: 3.7.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30782; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Andy Moyle; PSID: 7ffc0d962f6f; Credits: Le Ngoc Anh; Required...