WPCHURCH

CVEs (3)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-32303	WordPress Church Management	Cri	0.60	9.3	Jan 7, 2026	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through 2.7.0.
CVE-2025-31643	WordPress Church Management	Hig	0.57	8.8	Jan 7, 2026	Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0.
CVE-2025-32304	WordPress Church Management	Hig	0.53	8.1	Jan 6, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH: from n/a through 2.7.0.

CVE-2025-32303CriJan 7, 2026
WordPress
Church Management
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through 2.7.0.
CVE-2025-31643HigJan 7, 2026
WordPress
Church Management
risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0.
CVE-2025-32304HigJan 6, 2026
WordPress
Church Management
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH: from n/a through 2.7.0.