Lucene search

CVE-2024-3965

🗓️ 14 Jun 2024 06:12:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 33 Views🌐 WEB

Pray For Me WordPress plugin CSRF vulnerabilit

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2024-3965 Pray For Me <= 1.0.4 - Settings Update via CSRF	14 Jun 202406:00	–	cvelist
Patchstack	WordPress Pray For Me Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)	24 May 202400:00	–	patchstack
NVD	CVE-2024-3965	14 Jun 202406:15	–	nvd
Vulnrichment	CVE-2024-3965 Pray For Me <= 1.0.4 - Settings Update via CSRF	14 Jun 202406:00	–	vulnrichment
WPVulnDB	Pray For Me <= 1.0.4 - Settings Update via CSRF	24 May 202400:00	–	wpvulndb
wpexploit	Pray For Me <= 1.0.4 - Settings Update via CSRF	24 May 202400:00	–	wpexploit
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)	30 May 202415:23	–	wordfence

Vulners

Vulnrichment

Node

projectcaruso pray_for_meRange≤1.0.4wordpress

[
  {
    "vendor": "Unknown",
    "product": "Pray For Me",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.0.4"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/0e1ba2b3-5849-42f6-b503-8b3b520e4a79/

Parameter	Position	Path	Description	CWE
form_title	request body	/wp-admin/admin.php?page=caruso_prayer_plugin_settings	The Pray For Me WordPress plugin is vulnerable to CSRF attacks allowing unauthorized setting updates.	CWE-352
form_message	request body	/wp-admin/admin.php?page=caruso_prayer_plugin_settings	The Pray For Me WordPress plugin is vulnerable to CSRF attacks allowing unauthorized setting updates.	CWE-352
confirm_title	request body	/wp-admin/admin.php?page=caruso_prayer_plugin_settings	The Pray For Me WordPress plugin is vulnerable to CSRF attacks allowing unauthorized setting updates.	CWE-352
confirm_message	request body	/wp-admin/admin.php?page=caruso_prayer_plugin_settings	The Pray For Me WordPress plugin is vulnerable to CSRF attacks allowing unauthorized setting updates.	CWE-352
action	request body	/wp-admin/admin.php?page=caruso_prayer_plugin_settings	The Pray For Me WordPress plugin is vulnerable to CSRF attacks allowing unauthorized setting updates.	CWE-352

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Jun 2024 06:15Current

5.7Medium risk

Vulners AI Score5.7

CVSS35.4

EPSS0.00102

SSVC