← Back

Sermon Browser

sermon_browser

Vendor: Sermon Browser Project • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-0499
1Sermon Browser Project
1Sermon Browser
Jun 17, 2026
Mar 28, 2022
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary fil...Show more
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones.Show less
CVE-2016-10897
1Sermon Browser Project
1Sermon Browser
Nov 21, 2024
Aug 21, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues.