Lucene search

Church Admin Security Vulnerabilities

cve

CVE-2015-4127

Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.

5.9AI Score

0.003EPSS

2015-05-28 02:59 PM

cve

CVE-2022-0833

The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file gener...

4.3CVSS

4.5AI Score

0.001EPSS

2022-03-28 06:15 PM

cve

CVE-2023-34021

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.

7.1CVSS

6AI Score

0.0005EPSS

2023-06-23 12:15 PM

cve

CVE-2023-38515

Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 3.7.56.

5.5CVSS

5.2AI Score

0.0005EPSS

2023-11-13 03:15 AM

cve

CVE-2024-35764

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.4.4.

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-21 01:15 PM