WordPress Plugin Vulnerabilities

Church Admin 0.33.2.1 - Unauthenticated Directory Traversal

Description

The "key" parameter of download.php from plugins/church-admin/display/download.php is not sanitized and is vulnerable to a directory traversal type of attack.

Proof of Concept

Affects Plugins

Plugin icon
church-admin
Fixed in 0.565

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
malwrforensics
Submitter website
http://www.malwrforensics.com
Submitter twitter
@malwrforensics
Verified
No
WPVDB ID
5847628d-0607-4921-b97c-0463f1346a48

Timeline

Publicly Published
2017-12-28 (about 8 years ago)
Added
2018-01-10 (about 8 years ago)
Last Updated
2018-01-10 (about 8 years ago)

Other

Published
Title
Published
2025-03-27
Title
CM Download Manager < 3.0.0 - Unauthenticated Arbitrary File Deletion
Published
2025-04-16
Title
WP Editor < 1.2.9.2 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update
Published
2024-12-17
Title
WPLMS < 1.9.9.5.2 - Authenticated (Subscriber+) Arbitrary File Deletion
Published
2024-05-06
Title
Startklar Elementor Addons < 1.7.14 - Unauthenticated Arbitrary File Deletion
Published
2025-01-31
Title
Jupiterx Core < 4.8.8 - Authenticated (Contributor+) Arbitrary File Read