CVE-2015-4127

Name of the Vulnerable Software and Affected Versions church admin plugin versions prior to 0.810

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the address parameter. This can be demonstrated by a request to "index.php/2015/05/21/church admin-registration-form/".

Recommendations For versions prior to 0.810, update to version 0.810 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable address parameter in the church admin plugin until a patch is applied.