CVE-2024-31280

9.9 CRITICAL

📋 TL;DR

CVE-2024-31280 is an arbitrary file upload vulnerability in the WordPress Church Admin plugin that allows attackers to upload malicious files to vulnerable websites. This affects all versions up to 4.1.5, potentially leading to complete server compromise.

💻 Affected Systems

Products:
  • WordPress Church Admin plugin
Versions: All versions up to and including 4.1.5
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Church Admin plugin enabled


⚠️ Risk & Real-World Impact

🔴 Worst Case: Full server takeover via webshell upload, leading to data theft, ransomware deployment, or use of the host as an attack platform
🟠 Likely Case: Website defacement, malware distribution, or credential theft through uploaded malicious scripts
🟢 If Mitigated: Limited impact if file uploads are restricted via web application firewall or server configuration

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST request with malicious file upload, no authentication required

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.6 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-5-arbitrary-file-upload-vulnerability

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find Church Admin plugin
4. Click 'Update Now' if available
5. If no update available, deactivate and delete plugin immediately

🔧 Temporary Workarounds

Web Application Firewall Rule
Platform: all

Block file uploads to Church Admin endpoints

WAF-specific: configure the WAF to block POST requests containing file uploads (multipart/form-data) to any path under /wp-content/plugins/church-admin/

Server File Permission Restriction
Platform: linux

Set upload directory to read-only

# Directories keep the execute bit (555) so the web server can still read existing files; files lose write (444)
find /path/to/wp-content/plugins/church-admin/upload/ -type d -exec chmod 555 {} +
find /path/to/wp-content/plugins/church-admin/upload/ -type f -exec chmod 444 {} +
chown -R root:root /path/to/wp-content/plugins/church-admin/upload/

A recursive chmod 444 would also strip the execute bit from the directories and make them untraversable. Note that this also blocks the plugin's legitimate uploads until the permissions are reverted after patching.

🧯 If You Can't Patch

  • Immediately deactivate and remove the Church Admin plugin
  • Implement strict file upload filtering at web server level (nginx/apache)

🔍 How to Verify

Check if Vulnerable:

In WordPress admin, go to Plugins → Installed Plugins and check the Church Admin version. If it is 4.1.5 or lower, the site is vulnerable.

Check Version:

wp plugin list --name=church-admin --field=version

Verify Fix Applied:

Confirm Church Admin plugin version is 4.1.6 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-content/plugins/church-admin/
  • POST requests with file uploads to plugin endpoints
  • Creation of suspicious files (.php, .phtml) in upload directories

Network Indicators:

  • HTTP POST requests with file uploads to Church Admin endpoints
  • Unusual outbound connections from web server

SIEM Query:

source="web_logs" AND http_method="POST" AND uri_path="/wp-content/plugins/church-admin/*" AND content_type="multipart/form-data"

Wildcard the path: an exact match on the directory alone would miss requests to the plugin's files beneath it.
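Detection logic for the log indicators above, as an added example that is not part of the advisory: it parses web-server access lines in combined log format and flags POST requests under the plugin directory as well as fetches of .php/.phtml files from its upload directory. The sample log lines are constructed, EXAMPLE-ENDPOINT is a placeholder rather than a real plugin endpoint, and the upload directory path is taken from the workaround section of this page.

```python
import re

PLUGIN_PREFIX = "/wp-content/plugins/church-admin/"
UPLOAD_PREFIX = PLUGIN_PREFIX + "upload/"   # upload directory named on this page
SCRIPT_EXTENSIONS = (".php", ".phtml")      # script extensions the page lists

# Apache/nginx combined log format:
# ip - user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_script_name(path):
    """True if the last path segment would be executed as PHP by the web server."""
    return path.rsplit("/", 1)[-1].lower().endswith(SCRIPT_EXTENSIONS)

def flag_suspicious_requests(lines):
    """Apply the page's two log indicators; return (reason, ip, ts, path, status) tuples."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                              # not a combined-format line
        path = m["path"].split("?", 1)[0]         # drop the query string
        if m["method"] == "POST" and path.startswith(PLUGIN_PREFIX):
            reason = "post-to-plugin"             # possible upload attempt
        elif path.startswith(UPLOAD_PREFIX) and is_script_name(path):
            reason = "script-in-upload-dir"       # dropped script being fetched
        else:
            continue
        hits.append((reason, m["ip"], m["ts"], path, int(m["status"])))
    return hits

def flag_script_files(filenames):
    """Filesystem-side check: upload-directory entries that are PHP scripts."""
    return [n for n in filenames if is_script_name(n)]

# Constructed sample lines (not real traffic); EXAMPLE-ENDPOINT is a placeholder.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2024:12:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Apr/2024:12:00:07 +0000] "POST /wp-content/plugins/church-admin/EXAMPLE-ENDPOINT?f=1 HTTP/1.1" 200 87 "-" "curl/8.4"',
    '198.51.100.9 - - [10/Apr/2024:12:00:09 +0000] "GET /wp-content/plugins/church-admin/upload/Logo.PHTML HTTP/1.1" 200 45 "-" "curl/8.4"',
    '198.51.100.9 - - [10/Apr/2024:12:00:12 +0000] "GET /wp-content/plugins/church-admin/upload/flyer.pdf HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in flag_suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Run flag_script_files over a directory listing of the upload directory (for example from os.listdir) to cover the filesystem indicator; a GET for a script under upload/ returning 200 is the strongest signal that an upload already succeeded.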
