Church Admin
Approved changes feed: RSS · Atom
cpe:2.3:a:andy_moyle:church_admin:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Andy Moyle (1a8a5bd7-1fe2-5bb7-b897-4baa127b17c0) |
|---|---|
| Product | Church Admin (736f88c4-035b-5b12-9c18-3857f5973806) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-0682 |
vulnerable | 2026-06-08 07:47:12.911900 |
Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter
LOW (2.2)
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio_url' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Published: 2026-01-17T03:24:24.110Z
Updated: 2026-04-08T17:01:39.665Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57896 |
vulnerable | 2026-06-08 07:33:16.320176 |
WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through <= 5.0.26.
Published: 2025-08-22T12:00:03.838Z
Updated: 2026-04-28T16:13:37.687Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-39555 |
vulnerable | 2026-06-08 07:23:06.751758 |
WordPress Church Admin plugin <= 5.0.23 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin allows Stored XSS.This issue affects Church Admin: from n/a through <= 5.0.23.
Published: 2025-04-16T12:44:35.627Z
Updated: 2026-04-28T16:12:34.691Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-39553 |
vulnerable | 2026-06-08 07:23:06.749976 |
WordPress Church Admin plugin <= 5.0.9 - Sensitive Data Exposure vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 5.0.9.
Published: 2025-09-09T16:25:29.464Z
Updated: 2026-04-28T16:12:34.618Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-26941 |
vulnerable | 2026-06-08 07:14:50.706482 |
WordPress Church Admin plugin <= 5.0.18 - SQL Injection vulnerability
CRITICAL (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin allows SQL Injection.This issue affects Church Admin: from n/a through <= 5.0.18.
Published: 2025-03-26T14:40:50.896Z
Updated: 2026-04-28T16:11:44.479Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53795 |
vulnerable | 2026-06-08 06:54:15.534405 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50438 |
vulnerable | 2026-06-08 06:52:10.089646 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37440 |
vulnerable | 2026-06-08 06:39:47.576527 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37418 |
vulnerable | 2026-06-08 06:39:47.528820 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-35764 |
vulnerable | 2026-06-08 06:39:42.669353 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-35637 |
vulnerable | 2026-06-08 06:39:42.205886 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34828 |
vulnerable | 2026-06-08 06:37:35.097556 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32090 |
vulnerable | 2026-06-08 06:35:32.717469 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31281 |
vulnerable | 2026-06-08 06:35:31.225081 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31280 |
vulnerable | 2026-06-08 06:35:31.224560 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-30505 |
vulnerable | 2026-06-08 06:35:30.472666 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-30493 |
vulnerable | 2026-06-08 06:35:30.451546 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-30244 |
vulnerable | 2026-06-08 06:35:29.316312 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-30197 |
vulnerable | 2026-06-08 06:35:29.231019 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-30193 |
vulnerable | 2026-06-08 06:35:29.224458 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38515 |
vulnerable | 2026-06-08 06:08:18.141881 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34021 |
vulnerable | 2026-06-08 06:06:24.218728 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-30782 |
vulnerable | 2026-06-08 06:04:41.138359 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.