CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Mar 2024 — Missing Authorization vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.18. The Church Admin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 4.1.18. This makes it possible for authenticated attackers, with subscriber-level access and above... • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-18-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Mar 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.7. The Church Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.7. This is due to missing or incorrect nonce validation. • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Mar 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27. The Church Admin plugin for WordPress is vulnerable to SQL Injection via the 'weeks' value in all versions up to, and inclu... • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-0-27-sql-injection-via-shortcode-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 4.1.17. The Church Admin plugin for WordPress is vulnerable to Stored Cross-Site Sc... • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-17-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 4.0.26. The Church Admin plugin for WordPress is vulnerable to Stored Cross-Site Sc... • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-0-26-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jul 2023 — Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 3.7.56. The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.7.56 via the church_admin_import_csv function when importing from a CSV file. This can allow authenticated attackers ... • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-3-7-56-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Jun 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions. The Church Admin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.7.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-3-7-29-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Mar 2022 — The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF checks in some of its actions as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data. • https://wpscan.com/vulnerability/b2c7c1e8-d72c-4b1e-b5cb-dc2a6538965d • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

22 May 2015 — Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/. • https://www.exploit-db.com/exploits/37112 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')