WordPress Plugin Vulnerabilities

Church Admin < 5.0.9 - Missing Authorization

Description

The Church Admin plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on an AJAX action in versions up to, and including, 5.0.8. This makes it possible for unauthenticated attackers to send emails.

Affects Plugins

Fixed in 5.0.9

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
Mika
Verified
No

Timeline

Publicly Published
2024-12-02 (about 1 year ago)
Added
2024-12-11 (about 1 year ago)
Last Updated
2024-12-11 (about 1 year ago)

Other