Church Admin <= 3.4.134 - Cross-Site Request Forgery leading to Plugin Backup Disclosure

4.3
Cross-Site Request Forgery (CSRF)
CVE CVE-2022-0833
CVSS 4.3 (Medium)
Publicly Published March 7, 2022
Last Updated February 2, 2023
Researcher cydave

Description

The Church Admin plugin for WordPress is vulnerable to Unauthenticated Backup Disclosure in versions up to, and including, 3.4.134. Attackers can repeatedly request the "refresh-backup" action and simultaneously request a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename. Once obtaining that backup name, the plugin lacks sufficient protections to prevent accessing those files externally. This makes it possible for unauthenticated attackers to download the backup of the plugin's data once they conduct this attack, which requires a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

References

Share

Vulnerability Details for Church Admin

Software Type Plugin
Software Slug church-admin (view on wordpress.org)
Patched? Yes
Remediation Update to version 3.4.135, or a newer patched version
Affected Version
  • < 3.4.135
Patched Version
  • 3.4.135

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation