cbcvebase.

Andy Moyle Church Admin vulnerabilities

23 known vulnerabilities affecting andy_moyle/church_admin.

Total CVEs
23
CISA KEV
0
Public exploits
0
Exploited in wild
5
Severity breakdown
CRITICAL2HIGH2MEDIUM18LOW1

Vulnerabilities

Page 1 of 2
CVE-2024-37418P1CRITICALCVSS 9.9Exploited≤ 4.4.62024-07-09
CVE-2024-37418 [CRITICAL] CWE-434 CVE-2024-37418: Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admi Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.4.6.
nvd
CVE-2024-30505P2MEDIUMCVSS 6.5Exploited≤ 4.1.182024-03-29
CVE-2024-30505 [MEDIUM] CWE-862 CVE-2024-30505: Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Churc Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.18.
nvd
CVE-2024-31280P2HIGHCVSS 8.8Exploited≤ 4.1.52024-04-07
CVE-2024-31280 [HIGH] CWE-434 CVE-2024-31280: Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admi Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.5.
nvd
CVE-2024-31281P2MEDIUMCVSS 6.3Exploited≤ 4.1.62024-05-17
CVE-2024-31281 [MEDIUM] CWE-862 CVE-2024-31281: Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Churc Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.6.
nvd
CVE-2024-30244P2HIGHCVSS 8.8Exploited≤ 4.0.272024-03-28
CVE-2024-30244 [HIGH] CWE-89 CVE-2024-30244: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.0.27.
nvd
CVE-2025-26941P3CRITICALCVSS 9.3≤ 5.0.182025-03-26
CVE-2025-26941 [CRITICAL] CWE-89 CVE-2025-26941: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin allows SQL Injection.This issue affects Church Admin: from n/a through <= 5.0.18.
nvd
CVE-2024-53795P4MEDIUMCVSS 5.3≤ 5.0.82024-12-06
CVE-2024-53795 [MEDIUM] CWE-862 CVE-2024-53795: Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Accessing Functio Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through <= 5.0.8.
nvd
CVE-2025-57896P4MEDIUMCVSS 5.3≤ 5.0.262025-08-22
CVE-2025-57896 [MEDIUM] CWE-862 CVE-2025-57896: Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Exploiting Incorr Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through <= 5.0.26.
nvd
CVE-2025-39555P4MEDIUMCVSS 6.5≤ 5.0.232025-04-16
CVE-2025-39555 [MEDIUM] CWE-79 CVE-2025-39555: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin allows Stored XSS.This issue affects Church Admin: from n/a through <= 5.0.23.
nvd
CVE-2024-50438P4MEDIUMCVSS 6.1≤ 5.0.02024-10-28
CVE-2024-50438 [MEDIUM] CWE-79 CVE-2024-50438: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin allows Reflected XSS.This issue affects Church Admin: from n/a through < 5.0.0.
nvd
CVE-2024-30193P4MEDIUMCVSS 5.4≤ 4.1.172024-03-27
CVE-2024-30193 [MEDIUM] CWE-79 CVE-2024-30193: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.17.
nvd
CVE-2023-38515P4MEDIUMCVSS 4.9≥ n/a, ≤ 3.7.562023-11-13
CVE-2023-38515 [MEDIUM] CWE-918 CVE-2023-38515: Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.This issue affects Churc Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 3.7.56.
nvd
CVE-2023-30782P4MEDIUMCVSS 6.1≥ n/a, ≤ 3.7.52023-08-16
CVE-2023-30782 [MEDIUM] CWE-79 CVE-2023-30782: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7. Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions.
nvd
CVE-2023-34021P4MEDIUMCVSS 6.1≥ n/a, ≤ 3.7.292023-06-23
CVE-2023-34021 [MEDIUM] CWE-79 CVE-2023-34021: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7. Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.
nvd
CVE-2024-30197P4MEDIUMCVSS 5.4≤ 4.0.262024-03-27
CVE-2024-30197 [MEDIUM] CWE-79 CVE-2024-30197: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.0.26.
nvd
CVE-2024-35764P4MEDIUMCVSS 5.4≤ 4.4.42024-06-21
CVE-2024-35764 [MEDIUM] CWE-79 CVE-2024-35764: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.4.4.
nvd
CVE-2024-37440P4MEDIUMCVSS 4.3≤ 4.4.42024-11-01
CVE-2024-37440 [MEDIUM] CWE-862 CVE-2024-37440: Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Churc Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.4.4.
nvd
CVE-2025-39553P4MEDIUMCVSS 4.3≤ 5.0.92025-09-09
CVE-2025-39553 [MEDIUM] CWE-862 CVE-2025-39553: Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Churc Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 5.0.9.
nvd
CVE-2024-35637P4MEDIUMCVSS 4.4≤ 4.3.62024-06-03
CVE-2024-35637 [MEDIUM] CWE-918 CVE-2024-35637: Server-Side Request Forgery (SSRF) vulnerability in andy_moyle Church Admin church-admin.This issue Server-Side Request Forgery (SSRF) vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.3.6.
nvd
CVE-2024-34828P4MEDIUMCVSS 4.3≤ 4.1.322024-05-14
CVE-2024-34828 [MEDIUM] CWE-352 CVE-2024-34828: Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin.This issue a Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.32.
nvd
Andy Moyle Church Admin vulnerabilities | cvebase