CVE-2015-4127

Currently unrated

Key Information:

Vendor: Wordpress
Status: Church Admin
Vendor: CVE Published:; 28 May 2015

Summary

Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.

References

http://www.osvdb.org/121304

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/74782

vdb-entryx_refsource_BID

https://wordpress.org/plugins/church-admin/changelog/

x_refsource_CONFIRM

Timeline

Vulnerability published
May 28, 2015
Vulnerability Reserved
May 28, 2015