PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-61983 andy_moyle CVE debrief

A Missing Authorization vulnerability was found in the Church Admin plugin. This issue allows for Exploiting Incorrectly Configured Access Control Security Levels and affects Church Admin versions from n/a through 5.0.30. The vulnerability has been assigned a CVSS score of 5.3 and a severity of MEDIUM. Users of Church Admin plugin versions up to 5.0.30 should be aware of this vulnerability and take necessary actions. The CVE record was published on 2026-07-13T10:16:47.510Z and has not been modified since then.

Vendor
andy_moyle
Product
Church Admin
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of Church Admin plugin versions up to 5.0.30 should be aware of this vulnerability and take necessary actions. This includes reviewing and adjusting access control configurations for the plugin and monitoring plugin updates and security advisories. Operators, administrators, and security teams should review the official advisory and CVE record to validate affected scope and severity.

Technical summary

The Church Admin plugin has a Missing Authorization vulnerability. This issue has been assigned a CVSS score of 5.3 and a severity of MEDIUM. The vulnerability affects Church Admin versions from n/a through 5.0.30. The official CVE record and NVD detail page provide additional information on the vulnerability.

Defensive priority

Medium priority due to the CVSS score and potential impact.

Recommended defensive actions

  • Update Church Admin plugin to a version beyond 5.0.30 if available
  • Review and adjust access control configurations for the plugin
  • Monitor plugin updates and security advisories
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review compensating controls for exposed systems while remediation is scheduled and verified

Evidence notes

The CVE record was published on 2026-07-13T10:16:47.510Z and has not been modified since then. The NVD entry is currently in the 'Received' status. The source item URL for CVE-2026-61983 is provided, but additional verification is needed to confirm affected scope and severity. Defenders should verify the official CVE record and NVD detail page for the latest information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:47.510Z and has not been modified since then. The NVD entry is currently in the 'Received' status.