CVE-2015-4127

NUCLEI

Church Admin < 0.800 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.

Exploits (1)

exploitdb WORKING POC
by woodspeed · textwebappsphp
https://www.exploit-db.com/exploits/37112

Nuclei Templates (1)

WordPress Church Admin <0.810 - Cross-Site Scripting
MEDIUMby daffainfo

References (5)

Scores

EPSS 0.0231
EPSS Percentile 84.8%

Details

CWE
CWE-79
Status published
Products (1)
church_admin_project/church_admin < 0.800
Published May 28, 2015
Tracked Since Feb 18, 2026