Urgent Update

If you are using a version of the church admin plugin older than 0.810, please update immediately!
Two security vulnerabilities in older versions have been discovered, one of which has a public “proof of concept” YouTube video.
Essentially, people with more time and less godliness than they would have in Christ could insert some JavaScript code into the address field of the [church_admin_register] shortcode when they fill the form in, or into the “new sermon series” input field in the sermon podcast admin area.

Potentially that could be used to steal cookies and fake your login. It’s called a “Stored XSS vulnerability”.

v0.810 stops that and renders any previous attempts harmless.

There’s no evidence that anyone has used the exploit yet, but now that it’s public, they may try it on your site if you don’t update now! Please update even if you don’t use those features, as v0.810 has been thoroughly checked for that vulnerability in all its features.
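
Why escaping at output time also neutralises values that were stored before the fix, shown as an added example that is not taken from the plugin's code. The function names and sample rows are constructed for illustration, and plain PHP `htmlspecialchars()` stands in for WordPress's `esc_html()` / `esc_attr()` helpers.

```php
<?php
// Added example; not code from the church admin plugin.
// Constructed rows standing in for values already saved in the database,
// e.g. an address submitted through a registration form before the update.
$stored_addresses = [
    '12 Chapel Lane, Bristol',
    '<script>alert("xss")</script>',   // constructed, harmless test marker
];

// Vulnerable pattern: the stored value is written into the page as-is,
// so any markup in it is interpreted by the visitor's browser.
function render_unsafe(string $address): string
{
    return '<td>' . $address . '</td>';
}

// Hardened pattern: escape at output time. Because the escaping happens
// when the page is built, rows stored before the fix are covered too.
// ENT_QUOTES encodes both ' and " so the result is also safe in attributes.
function render_safe(string $address): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<td>' . htmlspecialchars($address, $flags, 'UTF-8') . '</td>';
}

// Check for a tester: do raw HTML metacharacters survive inside the cell?
function has_raw_metacharacters(string $cell): bool
{
    $inner = substr($cell, 4, -5);     // drop the <td> and </td> wrapper
    return preg_match('/[<>"\']/', $inner) === 1;
}

foreach ($stored_addresses as $address) {
    $unsafe = render_unsafe($address);
    $safe   = render_safe($address);
    printf(
        "unsafe: %s  raw=%s\n  safe: %s  raw=%s\n",
        $unsafe,
        has_raw_metacharacters($unsafe) ? 'yes' : 'no',
        $safe,
        has_raw_metacharacters($safe) ? 'yes' : 'no'
    );
}
```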
