WordPress Plugin Vulnerabilities

Church Admin < 0.810 - Stored Cross-Site Scripting (XSS)

Description

On the registration form the address field is not validated before returning it to the user.

Affects Plugins

Plugin icon
church-admin
Fixed in 0.810

References

CVE
CVE-2015-4127
Exploitdb
37112
URL
https://packetstormsecurity.com/files/#132034/
URL
https://plugins.trac.wordpress.org/changeset/1140747/church-admin

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Viktor Gazdag
Submitter twitter
wucpi
Verified
No
WPVDB ID
2d5b3707-f58a-4154-93cb-93f7058e3408

Timeline

Publicly Published
2015-05-19 (about 10 years ago)
Added
2015-05-22 (about 10 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2026-04-21
Title
Gallagher Website Design < 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'prefix' Shortcode Attribute
Published
2023-01-23
Title
WP Popups < 2.1.4.9 - Contributor+ Stored XSS
Published
2024-02-02
Title
Biteship < 2.2.25 - Reflected Cross-Site Scripting via biteship_error and biteship_message
Published
2026-02-25
Title
Architecturer < 3.9.5 - Reflected Cross-Site Scripting
Published
2025-02-22
Title
Easy Charts < 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting