WordPress WP Prayer plugin <= 2.0.9 - Email Settings Update via CSRF vulnerability

Email Settings Update via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Prayer versions = 2.0.9...

CVE-2023-25705

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Go Prayer WP Prayer plugin = 1.9.6 versions...

EUVD-2023-29615

Malicious code in bioql PyPI...

CVE-2024-3407

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-3405

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2021-4412

The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...

CVE-2024-3407

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-3405

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

WordPress plugin WP Prayer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WP Prayer Plugin <= 2.0.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Prayer Type Plugin Vulnerable versions = 2.0.9 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3405 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fe4f86d8e888 Credits Bob Matyas Required privileg...

WP Prayer <= 2.0.9 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make a logged in admin open a page containing: input type="hidden"...

WordPress Easy Prayer Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Easy Prayer Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b2c604642d4f Credits Rafie Muhammad Patchstack Required...

CVE-2021-4412

The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...

Cross site request forgery (csrf)

The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...

CVE-2021-4412 WP Prayer <= 1.6.5 - Cross-Site Request Forgery Bypass

The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...

CVE-2023-25705

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Go Prayer WP Prayer plugin = 1.9.6 versions...

CVE-2023-25705

CVE-2023-25705 describes an authenticated (admin+) stored cross-site scripting vulnerability in the WordPress plugin WP Prayer (Go Prayer, WP Prayer)

WordPress Plugin WP Prayer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress WP Prayer Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Software WP Prayer Type Plugin Vulnerable versions = 1.9.6 Fixed in 1.9.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25705 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c3efe5530c7b Credits Rio Darmawan Required privile...

WordPress WP Prayer plugin <= 1.6.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by NinTechNet in the WordPress WP Prayer plugin versions = 1.6.5. Solution Update the WordPress WP Prayer plugin to the latest available version at least 1.6.6...