CVE-2024-31280 - Vulnerability Details - OpenCVE

Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00437.

Key SSVC decision points have not yet been added.

Vendors	Products
Church Admin Project Subscribe	Church Admin Subscribe

Configuration 1 [-]

cpe:2.3:a:church_admin_project:church_admin:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-29176	Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.

Fixes

Solution

Update to 4.1.6 or a higher version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-5-arbitrary-file-upload-vulnerability?_s_id=cve

History

Wed, 21 Jan 2026 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Church Admin Project Church Admin Project church Admin
CPEs		cpe:2.3:a:church_admin_project:church_admin::::::wordpress::*
Vendors & Products		Church Admin Project Church Admin Project church Admin

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-04-07T17:33:12.123Z

Updated: 2024-08-26T18:44:49.685Z

Reserved: 2024-03-29T16:49:21.489Z

Link: CVE-2024-31280

Vulnrichment

Updated: 2024-08-02T01:46:04.997Z

NVD

Status : Analyzed

Published: 2024-04-07T18:15:10.827

Modified: 2026-01-21T21:24:17.280

Link: CVE-2024-31280

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-434

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31280", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-03-29T16:49:21.489Z", "datePublished": "2024-04-07T17:33:12.123Z", "dateUpdated": "2024-08-26T18:44:49.685Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "church-admin", "product": "Church Admin", "vendor": "Andy Moyle", "versions": [{"changes": [{"at": "4.1.6", "status": "unaffected"}], "lessThanOrEqual": "4.1.5", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Peng Zhou (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.<p>This issue affects Church Admin: from n/a through 4.1.5.</p>"}], "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-04-07T17:33:12.123Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-5-arbitrary-file-upload-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 4.1.6 or a higher version."}], "value": "Update to 4.1.6 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Church Admin plugin <= 4.1.5 - Arbitrary File Upload vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:46:04.997Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-5-arbitrary-file-upload-vulnerability?_s_id=cve"}]}, {"affected": [{"vendor": "andymoyle", "product": "church_admin", "cpes": ["cpe:2.3:a:andymoyle:church_admin:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.1.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-08T19:38:04.048655Z", "id": "CVE-2024-31280", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T18:44:49.685Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-5-arbitrary-file-upload-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:46:04.997Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31280", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-08T19:38:04.048655Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:andymoyle:church_admin:*:*:*:*:*:*:*:*"], "vendor": "andymoyle", "product": "church_admin", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.1.5"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T18:44:44.827Z"}}], "cna": {"title": "WordPress Church Admin plugin <= 4.1.5 - Arbitrary File Upload vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Peng Zhou (Patchstack Alliance)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Andy Moyle", "product": "Church Admin", "versions": [{"status": "affected", "changes": [{"at": "4.1.6", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "4.1.5"}], "packageName": "church-admin", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 4.1.6 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 4.1.6 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-5-arbitrary-file-upload-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.\n\n", "supportingMedia": [{"type": "text/html", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.<p>This issue affects Church Admin: from n/a through 4.1.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-04-07T17:33:12.123Z"}}}, "cveMetadata": {"cveId": "CVE-2024-31280", "state": "PUBLISHED", "dateUpdated": "2024-08-26T18:44:49.685Z", "dateReserved": "2024-03-29T16:49:21.489Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-04-07T17:33:12.123Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:church_admin_project:church_admin:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "575BE61F-5508-4F35-80C0-32740C5C9C0B", "versionEndExcluding": "4.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.\n\n"}, {"lang": "es", "value": "Carga de archivos sin restricciones con vulnerabilidad de tipo peligroso en Andy Moyle Church Admin. Este problema afecta a Church Admin: desde n/a hasta 4.1.5."}], "id": "CVE-2024-31280", "lastModified": "2026-01-21T21:24:17.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-07T18:15:10.827", "references": [{"source": "audit@patchstack.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-5-arbitrary-file-upload-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-5-arbitrary-file-upload-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "audit@patchstack.com", "type": "Secondary"}]}