CVE-2024-3966

The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin...

CVE-2024-3966

The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin...

CVE-2024-3965

The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-3965

The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-3966

CVE-2024-3966 affects the Pray For Me WordPress plugin up to version 1.0.4. The vulnerability arises from insufficient sanitisation/escaping of certain parameters, enabling unauthenticated visitors to trigger a Cross-Site Scripting (XSS) payload when an admin visits the Prayer Requests area in th...

CVE-2024-3965 Pray For Me <= 1.0.4 - Settings Update via CSRF

The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-3965 Pray For Me <= 1.0.4 - Settings Update via CSRF

The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-3965

CVE-2024-3965 affects the Pray For Me WordPress plugin (&lt;= 1.0.4). Public details confirm the issue is a CSRF gap when updating plugin settings, which could allow a logged-in admin to change settings via a CSRF attack. The CVE entry notes no public exploit details beyond this description, and ...

CVE-2024-3966 Pray For Me <= 1.0.4 - Unauthenticated Stored XSS

The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin...

CVE-2024-3966 Pray For Me <= 1.0.4 - Unauthenticated Stored XSS

The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin...

WordPress plugin Pray For Me security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Pray For Me security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-28598 · WordPress · Pray For Me

Name of the Vulnerable Software and Affected Versions: Pray For Me WordPress plugin versions 1.0.0 through 1.0.4 Description: The issue allows unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin. This is due to the...

PT-2024-28587 · WordPress · Pray For Me

Name of the Vulnerable Software and Affected Versions: Pray For Me WordPress plugin versions 1.0.0 through 1.0.4 Description: The issue concerns the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: F...

WordPress Pray For Me plugin <= 1.0.4 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Pray For Me versions = 1.0.4...

Pray For Me <= 1.0.4 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Make a logged in admin open an HTML file containing:...

Pray For Me <= 1.0.4 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make a logged in admin open an HTML file containing:...

WordPress Pray For Me Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Pray For Me Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3966 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 8808391bdd41 Credits Bob Matyas Required privilege...

Pray For Me <= 1.0.4 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin 1. Configure the plugin to add the first name and last name fields to the form:...

WordPress Pray For Me Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Pray For Me Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3965 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 75aaa6747a5e Credits Bob Matyas Required...