First published: Wed Mar 26 2025(Updated: )
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin allows SQL Injection.This issue affects Church Admin: from n/a through 5.0.18.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Andy Moyle Church Admin | <=5.0.18 | |
WordPress Church Admin plugin | <=5.0.18 |
Update the WordPress Church Admin wordpress plugin to the latest available version (at least 5.0.19).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-26941 has been classified as a high severity SQL Injection vulnerability.
To fix CVE-2025-26941, update the Church Admin plugin to version 5.0.19 or later.
CVE-2025-26941 affects Andy Moyle Church Admin versions up to and including 5.0.18.
CVE-2025-26941 is an SQL Injection vulnerability due to improper neutralization of special elements.
Yes, CVE-2025-26941 can allow attackers to manipulate database queries, potentially leading to unauthorized data access.