Cross-site Scripting Vulnerability in Church Admin by Andy Moyle
CVE-2024-50438
7.1HIGH
What is CVE-2024-50438?
A vulnerability in the Church Admin plugin by Andy Moyle allows for improper neutralization of input during web page generation, leading to Reflective Cross-site Scripting (XSS). This flaw could enable attackers to inject malicious scripts when users access the affected web pages. Websites using versions prior to 5.0.0 are at risk, as they may allow unauthorized actions to be performed by an attacker when a user interacts with vulnerable web content.
Affected Version(s)
Church Admin 0 <= 5.0.0