PT-2026-3344 · WordPress · Church Admin

Phap Nguyen Anh · Published 2026-01-17 · Updated 2026-01-17 · CVE-2026-0682

CVSS v3.1: 2.2 (Low)

Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Church Admin plugin for WordPress versions up to and including 5.0.28

Description
The Church Admin plugin for WordPress is susceptible to Server-Side Request Forgery due to inadequate validation of user-supplied URLs. Specifically, the audio url parameter lacks sufficient input validation. This allows authenticated attackers with Administrator-level access to initiate web requests to arbitrary locations from the web application. This could potentially allow querying and modification of information from internal services.

Recommendations
Update the Church Admin plugin to a version later than 5.0.28.
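
The description attributes the issue to inadequate validation of a user-supplied URL. As an added example (not the plugin's code or its actual fix), the sketch below shows the kind of destination check a server-side fetch needs before requesting such a URL; the function name, the stub resolver and the sample hostnames are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not Church Admin code.
// $resolver is injectable so the demo at the bottom runs offline.
function is_safe_remote_url(string $url, ?callable $resolver = null): bool
{
    $resolver = $resolver ?? 'gethostbynamel'; // IPv4 lookup, false on failure
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    // Web schemes only: rejects file://, gopher://, dict:// and similar.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Embedded credentials are a common source of parser confusion.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    // Standard web ports only.
    if (isset($parts['port']) && !in_array($parts['port'], [80, 443], true)) {
        return false;
    }
    $host = trim($parts['host'], '[]'); // strip brackets from IPv6 literals
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : $resolver($host);
    if (empty($ips)) {
        return false; // unresolvable host
    }
    // Every resolved address must be public; one internal record blocks the URL.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    return true;
}

// Constructed sample input; hostnames and addresses are illustrative.
$dns = ['media.example.org' => ['203.0.113.10'], 'intranet.example.org' => ['10.0.0.5']];
$stub = fn(string $h) => $dns[$h] ?? false;
foreach ([
    'https://media.example.org/sermon.mp3',
    'http://intranet.example.org/status',
    'http://169.254.169.254/latest/meta-data/',
    'http://[::1]/',
] as $u) {
    printf("%-42s %s\n", $u, is_safe_remote_url($u, $stub) ? 'allow' : 'block');
}
```

A check like this only helps if the subsequent request connects to the address that was validated and re-validates every redirect target. In WordPress code, wp_safe_remote_get() applies comparable destination checks.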

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2026-0682

Affected Products: Church Admin