Woodspeed

**Name of the Vulnerable Software and Affected Versions** church admin plugin versions prior to 0.810 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `address` parameter. This can be demonstrated by a request to "index.php/2015/05/21/church admin-registration-form/". **Recommendations** For versions prior to 0.810, update to version 0.810 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable `address` parameter in the church admin plugin until a patch is applied.