CVE-2024-35764 – WordPress Church Admin plugin <= 4.4.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35764
17 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 4.4.4. The Church Admin plugin for WordPress is vulnerable to Stored Cr... • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-38515 – WordPress Church Admin Plugin <= 3.7.56 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-38515
26 Jul 2023 — Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 3.7.56. The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.7.56 via the church_admin_import_csv function when importing from a csv file. This can allow authenticated attackers ... • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-3-7-56-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2023-34021 – WordPress Church Admin Plugin <= 3.7.29 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-34021
13 Jun 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions. The Church Admin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.7.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-3-7-29-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0833 – Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure
https://notcve.org/view.php?id=CVE-2022-0833
07 Mar 2022 — The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its actions as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data. • https://wpscan.com/vulnerability/b2c7c1e8-d72c-4b1e-b5cb-dc2a6538965d • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization
CVE-2015-4127 – Church Admin < 0.810 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-4127
22 May 2015 — Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/. • https://www.exploit-db.com/exploits/37112 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')