
ChurchCRM — Vulnerabilities & Security Advisories (68)

Browse all 68 CVE security advisories affecting ChurchCRM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by ChurchCRM: CRM (ChurchCRM)

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40593 | ChurchCRM: Stored XSS in UserEditor.php via Login Name Field | CRM | CWE-79 | 4.8 | Medium | 2026-04-18 |
| CVE-2026-40581 | ChurchCRM: Cross-Site Request Forgery (CSRF) in SelectDelete.php Leading to Permanent Data Deletion | CRM | CWE-352 | 8.1 | High | 2026-04-17 |
| CVE-2026-40485 | ChurchCRM: Username Enumeration via Differential Response in Public Login API | CRM | CWE-307 | 5.3 | Medium | 2026-04-17 |
| CVE-2026-40484 | ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function | CRM | CWE-269 | 9.1 | Critical | 2026-04-17 |
| CVE-2026-40483 | ChurchCRM: Stored XSS in PledgeEditor.php via Donation Comment Field | CRM | CWE-79 | 5.4 | Medium | 2026-04-17 |
| CVE-2026-40582 | ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout | CRM | CWE-288 | 9.8 (AI) | Critical (AI) | 2026-04-17 |
| CVE-2026-40480 | ChurchCRM has Missing Object-Level Authorization / IDOR in `/api/person/{personId}` | CRM | CWE-639 | 6.5 (AI) | Medium (AI) | 2026-04-17 |
| CVE-2026-40482 | ChurchCRM has Authenticated SQL Injection in `/api/families/byCheckNumber/{scanString}` | CRM | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-17 |
| CVE-2026-39940 | ChurchCRM has an Open Redirect via the 'linkBack' URL Parameter in DonatedItemEditor.php | CRM | CWE-601 | 5.4 | - | 2026-04-13 |
| CVE-2026-39941 | ChurchCRM has an XSS vulnerability | CRM | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2026-39337 | ChurchCRM Affected by Unauthenticated RCE in Install Wizard | CRM | CWE-94 | 10.0 | Critical | 2026-04-07 |
| CVE-2026-39319 | ChurchCRM has a Second Order SQLI via FundRaiserEditor.php | CRM | CWE-89 | 8.8 | High | 2026-04-07 |
| CVE-2026-39344 | Reflected XSS on the login page through the 'username' parameter | CRM | CWE-80 | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39343 | ChurchCRM has a SQL Injection in Event Type Editor (Admin) | CRM | CWE-89 | 7.2 | High | 2026-04-07 |
| CVE-2026-39342 | ChurchCRM has a SQL injection in the searchwhat parameter via QueryView.php | CRM | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-39341 | SQL injection in ChurchCRM.0 | CRM | CWE-89 | 8.1 | High | 2026-04-07 |
| CVE-2026-39340 | ChurchCRM has a SQL Injection in PropertyTypeEditor.php via Incorrect Sanitizer Substitution | CRM | CWE-89 | 8.1 | High | 2026-04-07 |
| CVE-2026-39339 | ChurchCRM has an API Authentication Bypass | CRM | CWE-284 | 9.1 | Critical | 2026-04-07 |
| CVE-2026-39338 | ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration | CRM | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39336 | ChurchCRM has Stored XSS from unescaped config values in HTML attributes | CRM | CWE-79 | 6.1 | Medium | 2026-04-07 |
| CVE-2026-39334 | ChurchCRM has a Blind SQL injection in SettingsIndividual.php | CRM | CWE-89 | 8.8 | High | 2026-04-07 |
| CVE-2026-39333 | ChurchCRM has Reflected XSS in DateStart/DateEnd parameters in FindFundRaiser.php | CRM | CWE-79 | 8.7 | High | 2026-04-07 |
| CVE-2026-39332 | ChurchCRM has Reflected Cross-Site Scripting (XSS) in GeoPage.php | CRM | CWE-79 | 8.7 | High | 2026-04-07 |
| CVE-2026-39331 | ChurchCRM has an API Authorization Bypass Allowing an Authenticated User to Deactivate, Modify, and Spam Arbitrary Families | CRM | CWE-639 | 8.1 | High | 2026-04-07 |
| CVE-2026-39330 | ChurchCRM has a Blind SQL injection in PropertyAssign.php | CRM | CWE-89 | 8.8 | High | 2026-04-07 |
| CVE-2026-39329 | ChurchCRM has a Blind SQL injection in EventNames.php | CRM | CWE-89 | 8.8 | High | 2026-04-07 |
| CVE-2026-39328 | ChurchCRM has Stored XSS in Social Profile Fields | CRM | CWE-79 | 8.9 | High | 2026-04-07 |
| CVE-2026-39327 | ChurchCRM has a SQL injection in MemberRoleChange.php | CRM | CWE-89 | 8.8 | High | 2026-04-07 |
| CVE-2026-39326 | ChurchCRM has a Blind SQL injection in PropertyTypeEditor.php | CRM | CWE-89 | 8.8 | High | 2026-04-07 |
| CVE-2026-39325 | ChurchCRM has a Blind SQL injection in SettingsUser.php | CRM | CWE-89 | 7.2 | High | 2026-04-07 |

This page lists every published CVE security advisory associated with ChurchCRM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.