CVE-2023-34021: WordPress Church Admin Plugin <= 3.7.29 is vulnerable to Cross Site Scripting (XSS)
First published: Fri Jun 23 2023(Updated: )
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Andy Moyle Church Admin | <=3.7.29 |
Remedy
Update to 3.7.30 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-34021?
CVE-2023-34021 is an Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found in the Andy Moyle Church Admin plugin version 3.7.29 and below.
How does CVE-2023-34021 affect the Church Admin plugin?
CVE-2023-34021 allows remote attackers to inject malicious scripts into web pages viewed by the plugin's users, potentially leading to session hijacking or unauthorized actions.
What is the severity level of CVE-2023-34021?
CVE-2023-34021 has a severity level of 6.1 (High).
How can I fix CVE-2023-34021?
To fix CVE-2023-34021, it is recommended to update the Andy Moyle Church Admin plugin to version 3.7.30 or higher, as it contains a patch for the vulnerability.
What is the Common Weakness Enumeration (CWE) associated with CVE-2023-34021?
The Common Weakness Enumeration (CWE) associated with CVE-2023-34021 is CWE-79, which refers to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/author
- agent/title
- agent/last-modified-date
- agent/references
- agent/event
- agent/first-publish-date
- agent/description
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/source
- vendor/church admin project
- canonical/andy moyle church admin
- version/andy moyle church admin/3.7.29