Description
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a malicious page that, when visited by an authenticated administrator, silently triggers deletion of targeted family records including associated notes, pledges, persons, and property data without any user interaction. This issue has been fixed in version 7.2.0.
Published: 2026-04-17
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Permanent Data Deletion via CSRF
Action: Apply Patch
AI Analysis

Impact

In ChurchCRM versions before 7.2.0, the family record deletion workflow in SelectDelete.php accepts a plain GET request without CSRF token validation, so a malicious page can silently delete family records and all related data, including notes, pledges, persons and property records. The deletion is irreversible, so both the structured records and the contextual information an administrator's organization keeps in them are lost outright. The flaw stems from missing CSRF protection (CWE-352) and an insufficient authorization check (CWE-862): a page controlled by a third party can make an authenticated administrator's browser issue the destructive request without any action by the administrator.

Affected Systems

ChurchCRM installations running any build older than version 7.2.0 are affected. No other vendors or product lines are listed. The fix is included in version 7.2.0.

Risk and Exploitability

The CVSS base score of 8.1 marks this as a high-severity vulnerability; the EPSS score is not published and the CVE is not in the CISA KEV catalog. A threat actor can exploit the flaw remotely by hosting a malicious webpage that causes an authenticated administrator's browser to issue the vulnerable GET request; no user interaction beyond navigating to that page is required. The impact is permanent data loss, and the risk is considerable given the ease of exploitation and the severity of the damage to the affected organization.

Generated by OpenCVE AI on April 18, 2026 at 08:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ChurchCRM to version 7.2.0 or later.
  • Verify that any delete actions require explicit CSRF token validation and are not performed with a GET request.
  • Ensure that only properly authorized users can initiate this deletion action, enforcing role‑based access controls.
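As an added illustration of the second and third recommendations (this is not code from ChurchCRM or from OpenCVE), the following PHP shows a delete handler in the weak shape the advisory describes next to a hardened one that accepts only POST, validates a session-bound CSRF token with hash_equals(), and checks authorization before anything is deleted. The function names, the FamilyID parameter, the role check and the in-memory session array are assumptions made for the demonstration.

```php
<?php
// Illustrative handlers (hypothetical; not ChurchCRM's SelectDelete.php).
declare(strict_types=1);

// Issue a per-session CSRF token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Weak pattern the advisory describes: a GET that deletes on sight.
// Nothing ties the request to the user's intent, so any cross-site
// navigation that carries the admin's cookies triggers the deletion.
function weak_delete_handler(array $query, callable $deleteFamily): string
{
    $id = (int)($query['FamilyID'] ?? 0);   // parameter name is assumed
    $deleteFamily($id);
    return "deleted {$id}";
}

// Hardened pattern: POST only, session-bound token compared in constant
// time, explicit authorization, and token rotation after the change.
function hardened_delete_handler(
    string $method,
    array $post,
    array &$session,
    callable $isAuthorized,
    callable $deleteFamily
): array {
    if ($method !== 'POST') {
        return ['status' => 405, 'body' => 'Method Not Allowed'];
    }
    $expected = $session['csrf_token'] ?? '';
    $given = (string)($post['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        return ['status' => 403, 'body' => 'Invalid CSRF token'];
    }
    if (!$isAuthorized($session)) {
        return ['status' => 403, 'body' => 'Not authorized'];
    }
    $id = (int)($post['FamilyID'] ?? 0);
    if ($id <= 0) {
        return ['status' => 400, 'body' => 'Bad FamilyID'];
    }
    $deleteFamily($id);
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return ['status' => 200, 'body' => "deleted {$id}"];
}

// Demonstration with a constructed in-memory session and deletion log.
$deleted = [];
$deleteFamily = function (int $id) use (&$deleted): void { $deleted[] = $id; };
$isAdmin = fn(array $s): bool => ($s['role'] ?? '') === 'admin';   // assumed role model

$session = ['role' => 'admin'];
$token = csrf_token($session);

// Weak handler: a bare query string is enough to delete.
echo "weak: " . weak_delete_handler(['FamilyID' => 7], $deleteFamily) . "\n";

// Cross-site POST without the token (a third-party page cannot read it): 403.
$r1 = hardened_delete_handler('POST', ['FamilyID' => 42], $session, $isAdmin, $deleteFamily);
// GET in the advisory's shape, even with a token: 405.
$r2 = hardened_delete_handler('GET', ['FamilyID' => 42, 'csrf_token' => $token], $session, $isAdmin, $deleteFamily);
// Legitimate same-origin form submission carrying the session token: 200.
$r3 = hardened_delete_handler('POST', ['FamilyID' => 42, 'csrf_token' => $token], $session, $isAdmin, $deleteFamily);

printf("%d %s\n%d %s\n%d %s\ndeleted: %s\n",
    $r1['status'], $r1['body'], $r2['status'], $r2['body'], $r3['status'], $r3['body'],
    implode(',', $deleted));
```

Run with `php` from the command line; the hardened handler rejects the token-less POST and the GET, and only the same-origin submission carrying the session token reaches the delete call. In a real application the token would come from the server-side session and be embedded in the confirmation form, and the authorization callback would consult the application's own role checks.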


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 00:00:00 +0000

Type          Values Removed   Values Added
Description   -                ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a malicious page that, when visited by an authenticated administrator, silently triggers deletion of targeted family records including associated notes, pledges, persons, and property data without any user interaction. This issue has been fixed in version 7.2.0.
Title         -                ChurchCRM: Cross-Site Request Forgery (CSRF) in SelectDelete.php Leading to Permanent Data Deletion
Weaknesses    -                CWE-352, CWE-862
References    -                -
Metrics       -                cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-17T23:51:32.765Z

Reserved: 2026-04-14T13:24:29.475Z

Link: CVE-2026-40581

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-18T00:16:39.683

Modified: 2026-04-18T00:16:39.683

Link: CVE-2026-40581

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T08:45:41Z

Weaknesses