
cpe:2.3:a:andy_moyle:church_admin:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Andy Moyle (1a8a5bd7-1fe2-5bb7-b897-4baa127b17c0)
Product: Church Admin (736f88c4-035b-5b12-9c18-3857f5973806)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2026-0682 vulnerable 2026-06-08 07:47:12.911900 Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter
LOW (2.2)
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio_url' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Published: 2026-01-17T03:24:24.110Z
Updated: 2026-04-08T17:01:39.665Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-57896 vulnerable 2026-06-08 07:33:16.320176 WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through <= 5.0.26.
Published: 2025-08-22T12:00:03.838Z
Updated: 2026-04-28T16:13:37.687Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-39555 vulnerable 2026-06-08 07:23:06.751758 WordPress Church Admin plugin <= 5.0.23 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin allows Stored XSS. This issue affects Church Admin: from n/a through <= 5.0.23.
Published: 2025-04-16T12:44:35.627Z
Updated: 2026-04-28T16:12:34.691Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-39553 vulnerable 2026-06-08 07:23:06.749976 WordPress Church Admin plugin <= 5.0.9 - Sensitive Data Exposure vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 5.0.9.
Published: 2025-09-09T16:25:29.464Z
Updated: 2026-04-28T16:12:34.618Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-26941 vulnerable 2026-06-08 07:14:50.706482 WordPress Church Admin plugin <= 5.0.18 - SQL Injection vulnerability
CRITICAL (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin allows SQL Injection. This issue affects Church Admin: from n/a through <= 5.0.18.
Published: 2025-03-26T14:40:50.896Z
Updated: 2026-04-28T16:11:44.479Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-53795 vulnerable 2026-06-08 06:54:15.534405 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-50438 vulnerable 2026-06-08 06:52:10.089646 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37440 vulnerable 2026-06-08 06:39:47.576527 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37418 vulnerable 2026-06-08 06:39:47.528820 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-35764 vulnerable 2026-06-08 06:39:42.669353 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-35637 vulnerable 2026-06-08 06:39:42.205886 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-34828 vulnerable 2026-06-08 06:37:35.097556 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-32090 vulnerable 2026-06-08 06:35:32.717469 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-31281 vulnerable 2026-06-08 06:35:31.225081 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-31280 vulnerable 2026-06-08 06:35:31.224560 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-30505 vulnerable 2026-06-08 06:35:30.472666 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-30493 vulnerable 2026-06-08 06:35:30.451546 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-30244 vulnerable 2026-06-08 06:35:29.316312 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-30197 vulnerable 2026-06-08 06:35:29.231019 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-30193 vulnerable 2026-06-08 06:35:29.224458 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-38515 vulnerable 2026-06-08 06:08:18.141881 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-34021 vulnerable 2026-06-08 06:06:24.218728 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-30782 vulnerable 2026-06-08 06:04:41.138359 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
