CVE-2024-53795 – WordPress Church Admin plugin <= 5.0.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-53795
02 Dec 2024 — Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Church Admin: from n/a through 5.0.8. The Church Admin plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on an AJAX action in versions up to, and including, 5.0.8. This makes it possible for unauthenticated attackers to send emails. • https://patchstack.com/database/wordpress/plugin/church-admin/vulnerability/wordpress-church-admin-plugin-5-0-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-50438 – WordPress Church Admin plugin < 5.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-50438
24 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Reflected XSS. This issue affects Church Admin: from n/a before 5.0.0. The Church Admin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully ... • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-5-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-37418 – WordPress Church Admin plugin <= 4.4.6 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-37418
04 Jul 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server. This issue affects Church Admin: from n/a through 4.4.6. The Church Admin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation ... • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-4-6-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-37440 – WordPress Church Admin plugin <= 4.4.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37440
28 Jun 2024 — Missing Authorization vulnerability in Andy Moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 4.4.4. The Church Admin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete-household case in versions up to, and including, 4.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete households. • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-4-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-35764 – WordPress Church Admin plugin <= 4.4.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35764
17 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 4.4.4. The Church Admin plugin for WordPress is vulnerable to Stored Cr... • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35637 – WordPress Church Admin plugin <= 4.3.6 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-35637
30 May 2024 — Server-Side Request Forgery (SSRF) vulnerability in Church Admin. This issue affects Church Admin: from n/a through 4.3.6. The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.3.6. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary loc... • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-3-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2024-34828 – WordPress Church Admin plugin <= 4.1.32 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-34828
09 May 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.32. The Church Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.32. This is due to missing or incorrect nonce validation on several functions in the includes/functions.php file. • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-32-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-32090 – WordPress Church Admin plugin <= 4.0.27 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32090
11 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27. The Church Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.27. This is due to missing or incorrect nonce validation on the ca_debug_mode() function. • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-0-27-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-31281 – WordPress Church Admin plugin <= 4.1.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31281
05 Apr 2024 — Missing Authorization vulnerability in Andy Moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 4.1.6. The Church Admin plugin for WordPress is vulnerable to unauthorized access due... • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-31280 – WordPress Church Admin plugin <= 4.1.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-31280
05 Apr 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.5. The Church Admin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.1.5. This makes it possible for authenticated attac... • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type