Church Admin < 3.8.0 – Server-Side Request Forgery (SSRF) | CVE 2023-38515

Affects Plugins

church-admin

Fixed in 3.8.0

References

CVE

CVE-2023-38515

Classification

Type

SSRF

OWASP top 10

A1: Injection

CWE

CWE-918

CVSS

5.5 (medium)

Miscellaneous

Original Researcher

Yuchen Ji

Verified

No

WPVDB ID

c4e3966e-ced9-4187-a265-95cd7dc9904e

Timeline

Publicly Published

2023-11-13 (about 2 years ago)

Added

2023-11-13 (about 2 years ago)

Last Updated

2023-11-13 (about 2 years ago)

Other

Published

Title

Published

2024-11-04

Title

Responsive Filterable Portfolio < 1.0.23 - Server-Side Request Forgery

Published

2024-03-26

Title

Gutenberg Blocks with AI by Kadence WP – Page Builder Features < 3.2.20 - Contributor+ Server-Side Request Forgery

Published

2026-03-20

Title

Post Affiliate Pro <= 1.28.0 - Authenticated (Administrator+) Server-Side Request Forgery via 'Post Affiliate Pro URL' Field

Published

2025-06-19

Title

PowerPress Podcasting < 11.13.12 - Contributor+ Server-Side Request Forgery

Published

2024-07-11

Title

Seraphinite Post .DOCX Source < 2.16.10 - Authenticated (Subscriber+) Server-Side Request Forgery