PatchSiren cyber security CVE debrief
CVE-2026-61983 andy_moyle CVE debrief
A Missing Authorization vulnerability was found in the Church Admin plugin. This issue allows for Exploiting Incorrectly Configured Access Control Security Levels and affects Church Admin versions from n/a through 5.0.30. The vulnerability has been assigned a CVSS score of 5.3 and a severity of MEDIUM. Users of Church Admin plugin versions up to 5.0.30 should be aware of this vulnerability and take necessary actions. The CVE record was published on 2026-07-13T10:16:47.510Z and has not been modified since then.
- Vendor
- andy_moyle
- Product
- Church Admin
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Church Admin plugin versions up to 5.0.30 should be aware of this vulnerability and take necessary actions. This includes reviewing and adjusting access control configurations for the plugin and monitoring plugin updates and security advisories. Operators, administrators, and security teams should review the official advisory and CVE record to validate affected scope and severity.
Technical summary
The Church Admin plugin has a Missing Authorization vulnerability. This issue has been assigned a CVSS score of 5.3 and a severity of MEDIUM. The vulnerability affects Church Admin versions from n/a through 5.0.30. The official CVE record and NVD detail page provide additional information on the vulnerability.
Defensive priority
Medium priority due to the CVSS score and potential impact.
Recommended defensive actions
- Update Church Admin plugin to a version beyond 5.0.30 if available
- Review and adjust access control configurations for the plugin
- Monitor plugin updates and security advisories
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
Evidence notes
The CVE record was published on 2026-07-13T10:16:47.510Z and has not been modified since then. The NVD entry is currently in the 'Received' status. The source item URL for CVE-2026-61983 is provided, but additional verification is needed to confirm affected scope and severity. Defenders should verify the official CVE record and NVD detail page for the latest information.
Official resources
-
CVE-2026-61983 CVE record
CVE.org
-
CVE-2026-61983 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:47.510Z and has not been modified since then. The NVD entry is currently in the 'Received' status.