3 matches found
CVE-2021-24313
The WP Prayer WordPress plugin before 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by using the WP Prayer engine. An authenticated WordPress user with any role can fill in the form to...
CVE-2021-24313
The WP Prayer WordPress plugin before 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by using the WP Prayer engine. An authenticated WordPress user with any role can fill in the form to...
CVE-2021-24313
The WP Prayer WordPress plugin (before 1.6.2) contains an authenticated stored XSS vulnerability in the prayer/praise request form. The issue arises because the 'prayer request' and 'praise request' fields do not properly validate input, allowing an authenticated user to store XSS payloads that c...