CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30782 – WordPress Church Admin Plugin <= 3.7.5 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-30782
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions. The Church Admin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $what variable parameter in versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-3-7-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20971 – Church Admin < 1.2550 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-20971
The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan. El plugin church-admin versiones anteriores a 1.2550 para WordPress, presenta una vulnerabilidad de tipo CSRF que afecta la carga de un plan de lectura de la biblia. • https://wordpress.org/plugins/church-admin/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •