ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Church Admin Plugin 0.800 - Stored XSS

Product
Church Admin
Description
Better Church Admin plugins is prone to a stored XSS vulnerability that allow to steal cookies or gain privileged access to the affected site.
Solution
Fixed in version 0.810.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-2015-4127
Versions
Affected In <= 0.800
Fixed In 0.810
Disclosure date
2015-05-26
Credits
woodspeed