CVE-2024-30505

MEDIUM EPSS 37.1%

Published Mar 29, 20242y ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Mar 29, 2024 2y ago

Last Modified Jun 17, 2026 1w ago

Description

Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.18.

Base Score

6.5

Exploitability

3.9

Impact

2.5

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity Low

Availability Low

EPSS Exploit Probability

37.1% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

CWE-862 Missing Authorization Authorization

Vendor	Product	Version	Range
church_admin_project	church_admin	*	<4.1.19

patchstack.com https://patchstack.com/database/Wordpress/Plugin/church-admin/vulnerability/wordpress-church-admin-plugin-4-1-18-broken-access-control-vulnerability?_s_id=cve
patchstack.com https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-18-broken-access-control-vulnerability?_s_id=cve

PatchThird Party Advisory

patchstack.com https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-18-broken-access-control-vulnerability?_s_id=cve

PatchThird Party Advisory