Advanced Sermons Security & Risk Analysis

wordpress.org/plugins/advanced-sermons

Elevate your church's digital outreach with audio/video sermons, organized speakers, and series management.

1K active installs · v3.7 · PHP 7.3+ · WP 4.6+ · Updated Dec 9, 2025
Tags: church, series, sermon, sermons, video-gallery
Score 96 · A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Jun 12, 2025
Safety Verdict

Is Advanced Sermons Safe to Use in 2026?

Generally Safe

Score 96/100

Advanced Sermons has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Jun 12, 2025 · Updated 3mo ago
Risk Assessment

The "advanced-sermons" plugin v3.7 exhibits a mixed security posture. It demonstrates good practices in areas like SQL query sanitization and has no unpatched vulnerabilities, but the static analysis and the historical vulnerability record raise several significant concerns. The unprotected AJAX handlers enlarge the attack surface, as these can be exploited by unauthenticated users. The taint analysis showed no critical or high severity flows, but every analyzed flow has an unsanitized path, which warrants attention for potential indirect vulnerabilities or chained exploits. The historical data shows a pattern of medium severity Cross-Site Scripting (XSS) vulnerabilities, suggesting a recurring issue with input handling and output escaping despite the otherwise decent proportion of properly escaped outputs. The plugin's strength lies in its prompt patching of past vulnerabilities, but the ongoing presence of unprotected entry points and the historical XSS trend mean that vigilance is still required.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • 5 historical medium severity XSS CVEs
  • Only 52% output escaping
Vulnerabilities
5

Advanced Sermons Security Vulnerabilities

CVEs by Year

2024: 4 CVEs
2025: 1 CVE

Severity Breakdown

Medium: 5

5 total CVEs

CVE-2025-49863 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Sermons <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 12, 2025 Patched in 3.7 (6d)
CVE-2024-50458 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Sermons <= 3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 24, 2024 Patched in 3.5 (7d)
CVE-2024-7599 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Sermons <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 5, 2024 Patched in 3.4 (2d)
CVE-2024-29928 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Sermons <= 3.1 - Reflected Cross-Site Scripting via s

Mar 25, 2024 Patched in 3.2 (4d)
CVE-2024-27952 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Sermons <= 3.2 - Reflected Cross-Site Scripting

Mar 13, 2024 Patched in 3.3 (8d)
Code Analysis
Analyzed Mar 16, 2026

Advanced Sermons Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 255 (276 escaped)
Nonce Checks: 3
Capability Checks: 3
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

52% escaped · 531 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

6 flows · 6 with unsanitized paths
asp_archive_filter_order (include\templates\sections\sermon-filter.php:23)
Attack Surface
2 unprotected

Advanced Sermons Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 3

auth · wp_ajax_asp_archive_order · admin\taxonomy\terms-order.php:41
nopriv · wp_ajax_asp_generate_sermons · include\templates\template-functions.php:556
auth · wp_ajax_asp_generate_sermons · include\templates\template-functions.php:557
WordPress Hooks 113
action · admin_menu · admin\admin-functions.php:16
action · admin_notices · admin\admin-functions.php:50
action · restrict_manage_posts · admin\admin-functions.php:74
filter · manage_sermons_posts_columns · admin\admin-functions.php:112
action · manage_sermons_posts_custom_column · admin\admin-functions.php:113
action · admin_enqueue_scripts · admin\admin-functions.php:201
action · admin_enqueue_scripts · admin\admin-functions.php:215
action · admin_bar_menu · admin\admin-functions.php:219
filter · pre_get_posts · admin\admin-functions.php:360
action · do_meta_boxes · admin\meta\meta-functions.php:16
action · admin_init · admin\meta\sermon-details.php:10
action · admin_print_scripts · admin\meta\sermon-details.php:23
action · admin_print_styles · admin\meta\sermon-details.php:24
action · save_post · admin\meta\sermon-details.php:425
action · admin_init · admin\options\register-options.php:125
action · asp_settings_content · admin\settings\archive.php:10
action · asp_settings_tab · admin\settings\create-tabs.php:6
action · asp_settings_tab · admin\settings\create-tabs.php:15
action · asp_settings_tab · admin\settings\create-tabs.php:24
action · asp_settings_tab · admin\settings\create-tabs.php:33
action · asp_settings_tab · admin\settings\create-tabs.php:42
action · asp_settings_tab · admin\settings\create-tabs.php:51
action · asp_settings_tab · admin\settings\create-tabs.php:60
action · asp_settings_tab · admin\settings\create-tabs.php:69
action · asp_settings_tab · admin\settings\create-tabs.php:78
action · asp_settings_content · admin\settings\design.php:9
action · asp_settings_content · admin\settings\general.php:9
action · asp_settings_content · admin\settings\import-export.php:8
action · asp_settings_content · admin\settings\language.php:9
action · asp_settings_content · admin\settings\misc.php:9
action · asp_settings_content · admin\settings\shortcodes.php:12
action · asp_settings_content · admin\settings\single-sermon.php:10
action · asp_settings_content · admin\settings\upgrade.php:10
action · sermon_series_add_form_fields · admin\taxonomy\series-image.php:20
action · created_sermon_series · admin\taxonomy\series-image.php:21
action · sermon_series_edit_form_fields · admin\taxonomy\series-image.php:22
action · edited_sermon_series · admin\taxonomy\series-image.php:23
action · admin_enqueue_scripts · admin\taxonomy\series-image.php:24
action · admin_footer · admin\taxonomy\series-image.php:25
filter · manage_edit-sermon_series_columns · admin\taxonomy\series-image.php:154
filter · manage_sermon_series_custom_column · admin\taxonomy\series-image.php:155
filter · manage_edit-sermon_series_columns · admin\taxonomy\series-image.php:181
filter · manage_edit-sermon_series_columns · admin\taxonomy\series-meta.php:9
filter · manage_sermon_series_custom_column · admin\taxonomy\series-meta.php:10
filter · manage_edit-sermon_series_sortable_columns · admin\taxonomy\series-meta.php:65
filter · manage_edit-sermon_series_columns · admin\taxonomy\series-meta.php:81
filter · manage_edit-sermon_series_columns · admin\taxonomy\series-meta.php:85
action · sermon_speaker_add_form_fields · admin\taxonomy\speaker-image.php:20
action · created_sermon_speaker · admin\taxonomy\speaker-image.php:21
action · sermon_speaker_edit_form_fields · admin\taxonomy\speaker-image.php:22
action · edited_sermon_speaker · admin\taxonomy\speaker-image.php:23
action · admin_enqueue_scripts · admin\taxonomy\speaker-image.php:24
action · admin_footer · admin\taxonomy\speaker-image.php:25
filter · manage_edit-sermon_speaker_columns · admin\taxonomy\speaker-image.php:176
filter · manage_sermon_speaker_custom_column · admin\taxonomy\speaker-image.php:177
filter · manage_edit-sermon_speaker_columns · admin\taxonomy\speaker-image.php:203
action · sermon_speaker_add_form_fields · admin\taxonomy\speaker-meta.php:42
action · sermon_speaker_edit_form_fields · admin\taxonomy\speaker-meta.php:107
action · edited_sermon_speaker · admin\taxonomy\speaker-meta.php:125
action · create_sermon_speaker · admin\taxonomy\speaker-meta.php:126
filter · manage_edit-sermon_speaker_columns · admin\taxonomy\speaker-meta.php:130
filter · manage_sermon_speaker_custom_column · admin\taxonomy\speaker-meta.php:131
filter · manage_edit-sermon_speaker_sortable_columns · admin\taxonomy\speaker-meta.php:156
filter · manage_edit-sermon_speaker_columns · admin\taxonomy\speaker-meta.php:172
filter · manage_edit-sermon_speaker_columns · admin\taxonomy\speaker-meta.php:176
action · plugins_loaded · admin\taxonomy\taxonomy-functions.php:17
action · admin_print_scripts · admin\taxonomy\taxonomy-functions.php:19
action · admin_print_styles · admin\taxonomy\taxonomy-functions.php:20
action · after-sermon_series-table · admin\taxonomy\taxonomy-functions.php:66
action · after-sermon_speaker-table · admin\taxonomy\taxonomy-functions.php:67
action · after-sermon_topics-table · admin\taxonomy\taxonomy-functions.php:68
action · after-sermon_book-table · admin\taxonomy\taxonomy-functions.php:69
action · admin_enqueue_scripts · admin\taxonomy\terms-order.php:19
action · create_term · admin\taxonomy\terms-order.php:79
action · parse_term_query · admin\taxonomy\terms-order.php:115
action · admin_init · admin\taxonomy\terms-order.php:119
filter · plugin_row_meta · advanced-sermons.php:71
filter · register_post_type_args · include\plugin-functions.php:20
action · wp_head · include\plugin-functions.php:44
action · wp_head · include\plugin-functions.php:57
action · pre_get_posts · include\plugin-functions.php:61
filter · register_post_type_args · include\plugin-functions.php:119
filter · register_taxonomy_args · include\plugin-functions.php:128
action · init · include\post-types.php:66
action · init · include\taxonomies.php:61
action · init · include\taxonomies.php:116
action · init · include\taxonomies.php:172
action · init · include\taxonomies.php:230
action · asp_archive_grid_view · include\templates\layouts\grid-view.php:11
action · asp_hook_archive_title · include\templates\sections\archive-title.php:39
action · asp_hook_filter_criteria_box · include\templates\sections\criteria-box.php:94
action · asp_hook_filter_bar_fields · include\templates\sections\sermon-filter.php:19
action · asp_hook_filter_bar_fields · include\templates\sections\sermon-filter.php:61
action · asp_hook_filter_bar_fields · include\templates\sections\sermon-filter.php:75
action · asp_hook_filter_bar_fields · include\templates\sections\sermon-filter.php:90
action · asp_hook_filter_bar_fields · include\templates\sections\sermon-filter.php:105
action · asp_hook_filter_bar_fields · include\templates\sections\sermon-filter.php:120
action · asp_hook_filter_bar_fields · include\templates\sections\sermon-filter.php:132
filter · single_template · include\templates\template-functions.php:21
filter · archive_template · include\templates\template-functions.php:37
filter · template_include · include\templates\template-functions.php:52
filter · asp_excerpt_functions · include\templates\template-functions.php:90
filter · excerpt_length · include\templates\template-functions.php:92
filter · excerpt_more · include\templates\template-functions.php:105
action · wp_head · styling\asp-dynamic-css.php:511
action · admin_head · styling\asp-dynamic-css.php:523
action · wp_enqueue_scripts · styling\styling-functions.php:17
action · admin_enqueue_scripts · styling\styling-functions.php:25
action · wp_enqueue_scripts · styling\styling-functions.php:29
action · admin_enqueue_scripts · styling\styling-functions.php:47
action · wp_enqueue_scripts · styling\styling-functions.php:74
action · wp_enqueue_scripts · styling\styling-functions.php:91
action · wp_enqueue_scripts · styling\styling-functions.php:108
Maintenance & Trust

Advanced Sermons Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 9, 2025
PHP min version: 7.3
Downloads: 30K

Community Trust

Rating: 94/100
Number of ratings: 22
Active installs: 1K
Developer Profile

Advanced Sermons Developer Profile

WP CodeUs

2 plugins · 3K total installs

Trust score: 91
Avg Security Score: 87/100
Avg Patch Time: 5 days
Detection Fingerprints

How We Detect Advanced Sermons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-sermons/include/js/asp_admin_script.js
/wp-content/plugins/advanced-sermons/styling/css/asp_admin_style.css
/wp-content/plugins/advanced-sermons/styling/css/asp_public_style.css
/wp-content/plugins/advanced-sermons/include/js/asp_public_script.js
Version Parameters
advanced-sermons/include/js/asp_admin_script.js?ver=
advanced-sermons/styling/css/asp_admin_style.css?ver=
advanced-sermons/styling/css/asp_public_style.css?ver=
advanced-sermons/include/js/asp_public_script.js?ver=

HTML / DOM Fingerprints

CSS Classes
asp-post-thumbnail, asp-sermon-details, asp-sermon-title, asp-sermon-date, asp-sermon-speaker, asp-sermon-series, asp-sermon-topics, asp-sermon-book (+14 more)
HTML Comments
<!-- Exit if accessed directly -->
<!-- Flush permalinks when the plugin is activated -->
<!-- The helpers functions for repeated functionalities -->
<!-- The core plugin file that is used to define internationalization, hooks and functions -->
(+9 more)
Data Attributes
data-sermon-id, data-speaker-id, data-series-id, data-topic-id, data-book-id, data-player-id (+2 more)
JS Globals
asp_admin_data, advanced_sermons_ajax_object
REST Endpoints
/wp-json/advanced-sermons/v1/settings
/wp-json/advanced-sermons/v1/sermons
Shortcode Output
[advanced_sermons], [sermon_list], [sermon_player], [sermon_details]