Vulnerabilities and security researches forchurch-admin church-admin

Direction: ascending

Jun 06, 2024

Church Admin # CVE-2023-34021

CVE, Research URL: CVE-2023-34021
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Jun 23, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2018-20971

CVE, Research URL: CVE-2018-20971
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Aug 17, 2019
Research Description: The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2015-4127

CVE, Research URL: CVE-2015-4127
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: May 28, 2015
Research Description: Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2023-38515

CVE, Research URL: CVE-2023-38515
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Nov 13, 2023
Research Description: Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 3.7.56.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2024-30197

CVE, Research URL: CVE-2024-30197
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2024-30505

CVE, Research URL: CVE-2024-30505
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Mar 29, 2024
Research Description: Missing Authorization vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.18.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2024-30493

CVE, Research URL: CVE-2024-30493
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Mar 29, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.7.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2023-30782

CVE, Research URL: CVE-2023-30782
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Aug 16, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2022-0833

CVE, Research URL: CVE-2022-0833
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Mar 28, 2022
Research Description: The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2024-30244

CVE, Research URL: CVE-2024-30244
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Mar 28, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2024-31280

CVE, Research URL: CVE-2024-31280
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Apr 07, 2024
Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2024-30193

CVE, Research URL: CVE-2024-30193
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.1.17.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2024-32090

CVE, Research URL: CVE-2024-32090
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Apr 15, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2024-31281

CVE, Research URL: CVE-2024-31281
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: May 17, 2024
Research Description: Missing Authorization vulnerability in Andy Moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.1.6.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2024-34828

CVE, Research URL: CVE-2024-34828
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: May 14, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.32.
Affected versions: Min -, max -.
Status: vulnerable

Church Admin # CVE-2024-35637

CVE, Research URL: CVE-2024-35637
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Jun 03, 2024
Research Description: Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through 4.3.6.
Affected versions: Min -, max -.
Status: vulnerable

Jun 20, 2024

Church Admin # CVE-2024-35764

CVE, Research URL: CVE-2024-35764
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Jun 21, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.4.4.
Affected versions: Min -, max -.
Status: vulnerable

Jul 02, 2024

Church Admin # CVE-2024-37440

CVE, Research URL: CVE-2024-37440
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Andy Moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.4.4.
Affected versions: Min -, max -.
Status: vulnerable

Jul 08, 2024

Church Admin # CVE-2024-37418

CVE, Research URL: CVE-2024-37418
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Jul 09, 2024
Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server.This issue affects Church Admin: from n/a through 4.4.6.
Affected versions: Min -, max -.
Status: vulnerable

Oct 28, 2024

Church Admin # CVE-2024-50438

CVE, Research URL: CVE-2024-50438
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: -
Research Description: Church Admin [church-admin] < 5.0.0 CVE-2024-50438
Affected versions: Min -, max -.
Status: vulnerable

Dec 08, 2024

Church Admin # CVE-2024-53795

CVE, Research URL: CVE-2024-53795
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Dec 06, 2024
Research Description: Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through 5.0.8.
Affected versions: Min -, max -.
Status: vulnerable

Mar 28, 2025

Church Admin # CVE-2025-26941

CVE, Research URL: CVE-2025-26941
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Mar 26, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin allows SQL Injection.This issue affects Church Admin: from n/a through 5.0.18.
Affected versions: Min -, max -.
Status: vulnerable

Apr 18, 2025

Church Admin # CVE-2025-39555

CVE, Research URL: CVE-2025-39555
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: Apr 16, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 5.0.23.
Affected versions: Min -, max -.
Status: vulnerable

Apr 29, 2025

Church Admin # CVE-2025-39553

CVE, Research URL: CVE-2025-39553
Home page URL: Security reports for Church Admin
Application: Church Admin
Date: -
Research Description: Church Admin [church-admin] < 5.0.10 CVE-2025-39553
Affected versions: Min -, max -.
Status: vulnerable