If you are using a version of the church admin plugin older than 0.810, please update immediately!
Two security vulnerabilities to older versions have been discovered – one of which has a “proof of concept” youtube video public.
Potentially that could be used to steal cookies and fake your login. It’s called a “Stored XSS vulnerability”
v0.810 stops that and renders any previous attempts harmless.
There’s no evidence that anyone has used the exploit yet, but now it’s public, they may on your site if you don’t update now! Please update even if you don’t use those features as v0.810 has been thoroughly checked for that vulnerability in all it’s features.