Please update to v0.810

Last night, I got an email pointing out a vulnerability in the shortcode that allows a malicious person to add some JavaScript to the address field, which would make the address list pages vulnerable to XSS hacks.

I’ve gone through all the code for the whole plugin, making sure that vulnerability was plugged and not repeated anywhere else. The WordPress security team have also been notified.

Version 0.810 has got rid of the vulnerability. In the unlikely event that any malicious people have already exploited the vulnerability – their address field will look like a bunch of code but not actually do anything bad.
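To show why an escaped address field "looks like a bunch of code" but stays inert, here is an added illustration. It is not the plugin's own code; the function names and sample rows are hypothetical and constructed for the example. It also includes a small audit helper for spotting stored entries that contain markup.

```php
<?php
// Constructed sample rows standing in for stored address-list entries.
$rows = [
    ['name' => 'A. Example', 'address' => '1 High Street, Exampletown'],
    ['name' => 'B. Example', 'address' => '<script>alert(1)</script>'],
];

// Before: the stored value is placed into the page as-is, so any markup
// in the address field is parsed by the browser (stored XSS).
function render_address_unescaped(array $row): string
{
    return '<p class="address">' . $row['address'] . '</p>';
}

// After: escape on output. Inside WordPress, esc_html() does this job;
// htmlspecialchars() is used here so the example runs without WordPress.
function render_address_escaped(array $row): string
{
    $safe = htmlspecialchars($row['address'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="address">' . $safe . '</p>';
}

// Audit helper (hypothetical): return rows whose address contains angle
// brackets, so entries submitted before the fix can be reviewed by hand.
function find_addresses_with_markup(array $rows): array
{
    return array_values(array_filter($rows, function (array $row): bool {
        return preg_match('/[<>]/', $row['address']) === 1;
    }));
}

// The escaped output shows the payload as visible text instead of running it.
foreach ($rows as $row) {
    echo render_address_escaped($row), PHP_EOL;
}

// Names of entries that should be inspected and cleaned up.
foreach (find_addresses_with_markup($rows) as $row) {
    echo 'review: ', $row['name'], PHP_EOL;
}
```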




Andy Moyle is an experienced church planter based in the United Kingdom. He helps to serve and shape church planting in the mainland of Europe for the Relational Mission family of churches. The Church Admin plugin has been a labour of love for nearly 20 years serving the worldwide church and is used by churches of 50 and churches of thousands!