CVE-2023-38515 MEDIUM

CVE-2023-38515: WordPress Church Admin Plugin <= 3.7.56 is vulnerable to Server Side Request Forgery (SSRF)

Vendor Andy Moyle
Product Church Admin
Weakness CWE-918 · SSRF
Published November 13, 2023
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 3.7.56.

Key dates

02Disclosure timeline

November 13, 2023 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-46207 WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.6 is vulnerable to Server Side Request Forgery (SSRF) CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability CVE-2026-5737 Independent Analytics <= 2.14.9 - Unauthenticated Server-Side Request Forgery via Tracking Route CVE-2024-38109 Azure Health Bot Elevation of Privilege Vulnerability CVE-2025-31117 OpenEMR Out-of-Band Server-Side Request Forgery (OOB SSRF) Vulnerability