CVE-2026-58409 - ChurchCRM: Authenticated Remote Code Execution (RCE) via Malicious Plugin Upload
CVE ID :CVE-2026-58409 Published : July 13, 2026, 9:16 p.m. | 1 hour, 16 minutes ago Description :ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution (RCE) on the server by installing a malicious plugin...