Server-Side Request Forgery in Church Admin Plugin for WordPress
CVE-2026-0682
2.2LOW
What is CVE-2026-0682?
The Church Admin plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF) due to inadequate validation of URLs provided by users in the 'audio_url' parameter. This vulnerability permits attackers, who possess Administrator access, to initiate unauthorized web requests from the application to arbitrary destinations. Consequently, this exploitation could lead to unauthorized queries and modifications to internal services, emphasizing the need for robust security measures within the plugin.
Affected Version(s)
Church Admin 0 <= 5.0.28