CVE-2024-50438
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin allows Reflected XSS.This issue affects Church Admin: from n/a through < 5.0.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS in WordPress Church Admin plugin allows attackers to inject malicious scripts via crafted requests, requiring user interaction.
Vulnerability
Overview The Church Admin plugin for WordPress versions prior to 5.0.0 is vulnerable to reflected cross-site scripting (XSS) due to improper neutralization of user input during web page generation [1]. This vulnerability is classified as high severity with a CVSS score of 7.1.
Exploitation
Details Attackers can exploit this vulnerability by crafting a malicious link or request that, when interacted with by a privileged user (such as an admin), causes the injection of arbitrary HTML or JavaScript into the page [1]. Successful exploitation requires user interaction, such as clicking a link or submitting a form.
Impact
If exploited, an attacker can inject malicious scripts, redirects, advertisements, or other payloads into the website, which are then executed when visitors access the affected pages [1]. This can lead to defacement, data theft, or further compromise of the site.
Mitigation
Users are strongly advised to update the Church Admin plugin to version 5.0.0 or later [1]. For those unable to update immediately, Patchstack provides a mitigation rule that blocks attacks until the patch is applied [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- cpe:2.3:a:themoyles:church_admin:*:*:*:*:*:wordpress:*:*Range: <5.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.