Cross-site Scripting Vulnerability in Church Admin by Andy Moyle
CVE-2024-50438

7.1HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
28 October 2024

What is CVE-2024-50438?

A vulnerability in the Church Admin plugin by Andy Moyle allows for improper neutralization of input during web page generation, leading to Reflective Cross-site Scripting (XSS). This flaw could enable attackers to inject malicious scripts when users access the affected web pages. Websites using versions prior to 5.0.0 are at risk, as they may allow unauthorized actions to be performed by an attacker when a user interacts with vulnerable web content.

Affected Version(s)

Church Admin 0 <= 5.0.0

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.