Lucene search
HistoryJun 14, 2024 - 6:15 a.m.
CVE-2024-3965
pray for me
wordpress
csrf
vulnerability
update settings
csrf attack
admin
The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Affected configurations
Node
me_aliases_projectme_aliasesRange≤1.0.4
CNA Affected
[
{
"vendor": "Unknown",
"product": "Pray For Me",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.0.4"
}
],
"defaultStatus": "affected"
}
]Related
nvd
nvd
CVE-2024-3965
2024-06-14 06:15:12
wpvulndb
wpvulndb
Pray For Me <= 1.0.4 - Settings Update via CSRF
2024-05-24 00:00:00
wpexploit
wpexploit
Pray For Me <= 1.0.4 - Settings Update via CSRF
2024-05-24 00:00:00
vulnrichment
vulnrichment
CVE-2024-3965 Pray For Me <= 1.0.4 - Settings Update via CSRF
2024-06-14 06:00:02
cvelist
cvelist
CVE-2024-3965 Pray For Me <= 1.0.4 - Settings Update via CSRF
2024-06-14 06:00:02
wordfence
wordfence