WordPress Church Admin Plugin Missing Authorization Vulnerability Allowing Sensitive Data Exposure

Vulnerability

A missing authorization vulnerability has been identified in the WordPress Church Admin plugin, affecting versions through 5.0.9. This vulnerability allows unauthorized users to access sensitive information that is typically restricted, potentially leading to the exploitation of other weaknesses within the system.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive data, which could be used to exploit additional vulnerabilities within the application or system.

Remediation

Users of the WordPress Church Admin plugin should update to version 5.0.10 or later to address this vulnerability. Patchstack users can enable auto-update for vulnerable plugins.
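
To find installs still below the fixed release, the following added example (not code from the advisory or the plugin) reads the plugin header and compares the version numerically against 5.0.10. The directory name church-admin and the default wp-content/plugins layout are assumptions, and the sample header is constructed.

```python
import re
from pathlib import Path

FIXED = (5, 0, 10)       # first fixed release named in the advisory
SLUG = "church-admin"    # assumed plugin directory name (not stated on the page)

# WordPress reads plugin headers from the first 8 KB of the main plugin file.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.I | re.M)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

# Constructed sample header, used only to exercise the parser.
SAMPLE_HEADER = """<?php
/*
Plugin Name: Church Admin
Version: 5.0.9
*/
"""

def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text) if NAME_RE.search(text) else None
    nums = re.findall(r"\d+", m.group(1)) if m else []
    return tuple(int(n) for n in nums) or None

def is_vulnerable(version):
    """Numeric compare: as strings, '5.0.10' < '5.0.9' and the fix looks old."""
    return version < FIXED

def audit(wp_root, slug=SLUG):
    """Classify one install: not-installed, unknown, vulnerable or fixed."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / slug
    if not plugin_dir.is_dir():
        return "not-installed"
    for php in sorted(plugin_dir.glob("*.php")):
        text = php.read_text(encoding="utf-8", errors="replace")[:8192]
        version = parse_version(text)
        if version:
            return "vulnerable" if is_vulnerable(version) else "fixed"
    return "unknown"

if __name__ == "__main__":
    import sys
    sample = parse_version(SAMPLE_HEADER)
    print(sample, is_vulnerable(sample))
    for root in sys.argv[1:]:   # WordPress roots, e.g. /var/www/site1
        print(root, audit(root))
```

Pass one or more WordPress root directories as arguments to classify each install.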

Added: Sep 9, 2025, 7:10 PM
Updated: Sep 9, 2025, 7:10 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.