Cross-site Scripting Vulnerability in Church Admin Plugin for WordPress
CVE-2015-4127
Currently unrated
Summary
Versions of the Church Admin plugin for WordPress prior to 0.810 are vulnerable to cross-site scripting (XSS). Remote attackers can inject arbitrary web script or HTML into the application via the 'address' parameter, for example through a request to index.php/2015/05/21/church_admin-registration-form/, potentially compromising user data and site integrity. Website administrators are urged to update to the latest version to mitigate the risk of exploitation.