Skip to main content

Church Admin

6 CVEs product

Monthly

CVE-2026-61983 MEDIUM This Month

Missing authorization in the Church Admin WordPress plugin (versions through 5.0.30) allows unauthenticated remote attackers to invoke plugin endpoints and perform unauthorized write operations without authentication. The root cause is incorrectly configured access control security levels (CWE-862), where certain plugin actions omit the required capability or nonce checks. No public exploit code or active exploitation has been identified at time of analysis, though the zero-barrier CVSS vector (PR:N, AC:L, AV:N) means opportunistic abuse is technically straightforward for any attacker who can reach the WordPress instance.

Authentication Bypass Church Admin
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-38515 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.7.56. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Church Admin
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-30782 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Church Admin
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34021 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Church Admin
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-0833 MEDIUM POC This Month

The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Church Admin
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2015-4127 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Church Admin
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.3%
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing authorization in the Church Admin WordPress plugin (versions through 5.0.30) allows unauthenticated remote attackers to invoke plugin endpoints and perform unauthorized write operations without authentication. The root cause is incorrectly configured access control security levels (CWE-862), where certain plugin actions omit the required capability or nonce checks. No public exploit code or active exploitation has been identified at time of analysis, though the zero-barrier CVSS vector (PR:N, AC:L, AV:N) means opportunistic abuse is technically straightforward for any attacker who can reach the WordPress instance.

Authentication Bypass Church Admin
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.7.56. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Church Admin
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Church Admin
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Church Admin
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Church Admin
NVD WPScan
EPSS 2% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy