2 matches found
CVE-2021-4412
CVE-2021-4412 affects the WP Prayer plugin for WordPress (versions up to and including 1.6.5). The root cause is missing/incorrect nonce validation in the save() and export() functions, enabling CSRF. This allows unauthenticated attackers to change plugin settings and trigger a data export if a s...
CVE-2021-4412 WP Prayer <= 1.6.5 - Cross-Site Request Forgery Bypass
The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...