CVE-2015-4127

Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
church_admin_projectchurch_admin
𝑥
≤ 0.800
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/132034/WordPress-Church-Admin-0.800-Cross-Site-Scripting.html
http://www.osvdb.org/121304
http://www.securityfocus.com/bid/74782
https://wordpress.org/plugins/church-admin/changelog/
https://www.exploit-db.com/exploits/37112/
http://packetstormsecurity.com/files/132034/WordPress-Church-Admin-0.800-Cross-Site-Scripting.html
http://www.osvdb.org/121304
http://www.securityfocus.com/bid/74782
https://wordpress.org/plugins/church-admin/changelog/
https://www.exploit-db.com/exploits/37112/