
Church Admin Project Church Admin vulnerabilities

17 known vulnerabilities affecting church_admin_project/church_admin.

Total CVEs: 17
CISA KEV: 0
Public exploits: 1
Exploited in wild: 5
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 14

Vulnerabilities

CVE-2024-37418 | P1 | CRITICAL | CVSS 9.9 | Exploited | fixed in 4.4.7 | 2024-07-09
CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.4.6.
nvd
CVE-2024-30505 | P2 | MEDIUM | CVSS 6.5 | Exploited | fixed in 4.1.19 | 2024-03-29
CWE-862: Missing Authorization vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.18.
nvd
CVE-2024-31280 | P2 | HIGH | CVSS 8.8 | Exploited | fixed in 4.1.6 | 2024-04-07
CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.5.
nvd
CVE-2024-31281 | P2 | MEDIUM | CVSS 6.3 | Exploited | fixed in 4.1.7 | 2024-05-17
CWE-862: Missing Authorization vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.6.
nvd
CVE-2024-30244 | P2 | HIGH | CVSS 8.8 | Exploited | fixed in 4.1.28 | 2024-03-28
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.0.27.
nvd
CVE-2015-4127 | P4 | MEDIUM | CVSS 4.3 | PoC | ≤ 0.800 | 2015-05-28
CWE-79: Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
nvd
CVE-2024-30193 | P4 | MEDIUM | CVSS 5.4 | fixed in 4.1.18 | 2024-03-27
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.17.
nvd
CVE-2023-38515 | P4 | MEDIUM | CVSS 4.9 | ≤ 3.7.56 | 2023-11-13
CWE-918: Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 3.7.56.
nvd
CVE-2023-34021 | P4 | MEDIUM | CVSS 6.1 | ≤ 3.7.29 | 2023-06-23
CWE-79: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.
nvd
CVE-2024-30197 | P4 | MEDIUM | CVSS 5.4 | fixed in 4.0.27 | 2024-03-27
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.0.26.
nvd
CVE-2024-35764 | P4 | MEDIUM | CVSS 5.4 | fixed in 4.4.5 | 2024-06-21
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.4.4.
nvd
CVE-2024-37440 | P4 | MEDIUM | CVSS 4.3 | fixed in 4.4.5 | 2024-11-01
CWE-862: Missing Authorization vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.4.4.
nvd
CVE-2022-0833 | P4 | MEDIUM | CVSS 4.3 | fixed in 3.4.135 | 2022-03-28
CWE-352: The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final back
nvd
CVE-2024-35637 | P4 | MEDIUM | CVSS 4.4 | fixed in 4.4.0 | 2024-06-03
CWE-918: Server-Side Request Forgery (SSRF) vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.3.6.
nvd
CVE-2024-34828 | P4 | MEDIUM | CVSS 4.3 | fixed in 4.2.0 | 2024-05-14
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.32.
nvd
CVE-2024-32090 | P4 | MEDIUM | CVSS 4.3 | fixed in 4.1.28 | 2024-04-15
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.0.27.
nvd
CVE-2024-30493 | P4 | MEDIUM | CVSS 4.3 | fixed in 4.1.8 | 2024-03-29
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.7.
nvd