CNNVD-202601-2931 Information

Jan 17, 2026 cve

CNNVD ID

CNNVD-202601-2931

CVE-2026-0682

CNNVD Published: 2026-01-17

Description (Chinese)

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Church Admin 5.0.28及之前版本存在代码问题漏洞，该漏洞源于对audio_url参数中用户提供URL的验证不足，可能导致服务端请求伪造攻击。

Description (English)

WordPress and WordPressplugin are products of WordPress. WordPress is a blog platform developed in the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL-based servers. WordPress plugin is an application plugin. WordPress plugin Church Admin 5.0.28 and previous versions had a code problem loophole, which stemmed from insufficient verification of URLs for users in the audio url parameter, which could result in the service-side request for a false attack.

Hazard Level

Critical

Vulnerability Type

代码问题

Affected Vendor

WordPress

Published

2026-01-17

Last Modified

2026-02-24

References

https://plugins.trac.wordpress.org/browser/church-admin/tags/5.0.27/includes/functions.php#L6297 https://plugins.trac.wordpress.org/browser/church-admin/tags/5.0.27/includes/sermon-podcast.php#L1181 https://plugins.trac.wordpress.org/browser/church-admin/trunk/includes/functions.php#L6297 https://plugins.trac.wordpress.org/browser/church-admin/trunk/includes/sermon-podcast.php#L1181 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3440847%40church-admin&new=3440847%40church-admin&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/77227fc5-7c38-476d-af4c-4b2ad3dd8420?source=cve https://access.redhat.com/security/cve/cve-2026-0682

Patch

https://wordpress.org/plugins/church-admin

Share on: