cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for church-admin

Jun 06, 2024

Church Admin # CVE-2023-34021

CVE, Research URL

CVE-2023-34021

Application

Church Admin

Date
Jun 23, 2023
Research Description
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2018-20971

CVE, Research URL

CVE-2018-20971

Application

Church Admin

Date
Aug 17, 2019
Research Description
The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2015-4127

CVE, Research URL

CVE-2015-4127

Application

Church Admin

Date
May 28, 2015
Research Description
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2023-38515

CVE, Research URL

CVE-2023-38515

Application

Church Admin

Date
Nov 13, 2023
Research Description
Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 3.7.56.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2024-30197

CVE, Research URL

CVE-2024-30197

Application

Church Admin

Date
Mar 27, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 4.0.26.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2024-30505

CVE, Research URL

CVE-2024-30505

Application

Church Admin

Date
Mar 29, 2024
Research Description
Missing Authorization vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.18.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2024-30493

CVE, Research URL

CVE-2024-30493

Application

Church Admin

Date
Mar 29, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.7.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2023-30782

CVE, Research URL

CVE-2023-30782

Application

Church Admin

Date
Aug 16, 2023
Research Description
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2022-0833

CVE, Research URL

CVE-2022-0833

Application

Church Admin

Date
Mar 28, 2022
Research Description
The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF checks in some of its actions as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2024-30244

CVE, Research URL

CVE-2024-30244

Application

Church Admin

Date
Mar 28, 2024
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2024-31280

CVE, Research URL

CVE-2024-31280

Application

Church Admin

Date
Apr 07, 2024
Research Description
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.5.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2024-30193

CVE, Research URL

CVE-2024-30193

Application

Church Admin

Date
Mar 27, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 4.1.17.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2024-32090

CVE, Research URL

CVE-2024-32090

Application

Church Admin

Date
Apr 15, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2024-31281

CVE, Research URL

CVE-2024-31281

Application

Church Admin

Date
May 17, 2024
Research Description
Missing Authorization vulnerability in Andy Moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 4.1.6.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2024-34828

CVE, Research URL

CVE-2024-34828

Application

Church Admin

Date
May 14, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.32.
Affected versions
Min -, max -.
Status
vulnerable

Church Admin # CVE-2024-35637

CVE, Research URL

CVE-2024-35637

Application

Church Admin

Date
Jun 03, 2024
Research Description
Server-Side Request Forgery (SSRF) vulnerability in Church Admin. This issue affects Church Admin: from n/a through 4.3.6.
Affected versions
Min -, max -.
Status
vulnerable
Jun 20, 2024

Church Admin # CVE-2024-35764

CVE, Research URL

CVE-2024-35764

Application

Church Admin

Date
Jun 21, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 4.4.4.
Affected versions
Min -, max -.
Status
vulnerable
Jul 02, 2024

Church Admin # CVE-2024-37440

CVE, Research URL

CVE-2024-37440

Application

Church Admin

Date
Nov 01, 2024
Research Description
Missing Authorization vulnerability in Andy Moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 4.4.4.
Affected versions
Min -, max -.
Status
vulnerable
Jul 08, 2024

Church Admin # CVE-2024-37418

CVE, Research URL

CVE-2024-37418

Application

Church Admin

Date
Jul 09, 2024
Research Description
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server. This issue affects Church Admin: from n/a through 4.4.6.
Affected versions
Min -, max -.
Status
vulnerable
Oct 28, 2024

Church Admin # CVE-2024-50438

CVE, Research URL

CVE-2024-50438

Application

Church Admin

Date
-
Research Description
Church Admin [church-admin] < 5.0.0 CVE-2024-50438
Affected versions
Min -, max -.
Status
vulnerable
Dec 08, 2024

Church Admin # CVE-2024-53795

CVE, Research URL

CVE-2024-53795

Application

Church Admin

Date
Dec 06, 2024
Research Description
Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Church Admin: from n/a through 5.0.8.
Affected versions
Min -, max -.
Status
vulnerable
Mar 28, 2025

Church Admin # CVE-2025-26941

CVE, Research URL

CVE-2025-26941

Application

Church Admin

Date
Mar 26, 2025
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin allows SQL Injection. This issue affects Church Admin: from n/a through 5.0.18.
Affected versions
Min -, max -.
Status
vulnerable