Vulnerabilities and security research for church-admin
Jun 06, 2024
Church Admin # CVE-2023-34021
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 23, 2023
- Research Description
- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2018-20971
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 17, 2019
- Research Description
- The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2015-4127
- CVE, Research URL
- Home page URL
- Application
- Date
- May 28, 2015
- Research Description
- Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2023-38515
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 13, 2023
- Research Description
- Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 3.7.56.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2024-30197
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 27, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 4.0.26.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2024-30505
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 29, 2024
- Research Description
- Missing Authorization vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.18.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2024-30493
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 29, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.7.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2023-30782
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 16, 2023
- Research Description
- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2022-0833
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 28, 2022
- Research Description
- The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF checks in some of its actions and requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action while simultaneously requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2024-30244
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 28, 2024
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2024-31280
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 07, 2024
- Research Description
- Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.5.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2024-30193
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 27, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 4.1.17.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2024-32090
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 15, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2024-31281
- CVE, Research URL
- Home page URL
- Application
- Date
- May 17, 2024
- Research Description
- Missing Authorization vulnerability in Andy Moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 4.1.6.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2024-34828
- CVE, Research URL
- Home page URL
- Application
- Date
- May 14, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.32.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Church Admin # CVE-2024-35637
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 03, 2024
- Research Description
- Server-Side Request Forgery (SSRF) vulnerability in Church Admin. This issue affects Church Admin: from n/a through 4.3.6.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 20, 2024
Church Admin # CVE-2024-35764
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 21, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 4.4.4.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jul 02, 2024
Church Admin # CVE-2024-37440
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 01, 2024
- Research Description
- Missing Authorization vulnerability in Andy Moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 4.4.4.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jul 08, 2024
Church Admin # CVE-2024-37418
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 09, 2024
- Research Description
- Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server. This issue affects Church Admin: from n/a through 4.4.6.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Oct 28, 2024
Church Admin # CVE-2024-50438
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- Church Admin [church-admin] < 5.0.0 CVE-2024-50438
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Dec 08, 2024
Church Admin # CVE-2024-53795
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 06, 2024
- Research Description
- Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Church Admin: from n/a through 5.0.8.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Mar 28, 2025
Church Admin # CVE-2025-26941
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 26, 2025
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin allows SQL Injection. This issue affects Church Admin: from n/a through 5.0.18.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable