CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

229 matches found

WordPress Daily Prayer Time <2022.03.01 - SQL Injection

WordPress Daily Prayer Time plugin prior to 2022.03.01 contains a SQL injection vulnerability.. It does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action, available to unauthenticated users, leading to SQL injection. id:...

9.8CVSS7.3AI score0.09214EPSS

Exploits2References5

Schneier on Security•added 2026/03/05 11:28 a.m.•13 views

Hacked App Part of US/Israeli Propaganda Campaign Against Iran

Wired has the story: Shortly after the first set of explosions, Iranians received bursts of notifications on their phones. They came not from the government advising caution, but from an apparently hacked prayer-timing app called BadeSaba Calendar that has been downloaded more than 5 million time...

5.8AI score

Exploits0

Wired Threat Level•added 2026/02/28 3:58 p.m.•7 views

Hacked Prayer App Sends ‘Surrender’ Messages to Iranians Amid Israeli and US Strikes

As Israeli airstrikes hit Tehran this morning, Iranians received mysterious push notifications saying that “help is on the way,” promising amnesty if they surrender...

6AI score

Exploits0

Patchstack•added 2026/01/30 8:24 a.m.•6 views

WordPress WP Prayer plugin <= 2.0.9 - Email Settings Update via CSRF vulnerability

Email Settings Update via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Prayer versions = 2.0.9...

8.8CVSS5.9AI score0.0035EPSS

Exploits2References1Affected Software1

Patchstack•added 2026/01/30 8:23 a.m.•7 views

WordPress WP Prayer plugin <= 2.0.9 - Arbitrary Prayer Deletion via CSRF vulnerability

Arbitrary Prayer Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Prayer versions = 2.0.9...

5.3CVSS5.9AI score0.00189EPSS

Exploits2References1Affected Software1

RedhatCVE•added 2026/01/09 12:8 p.m.•8 views

CVE-2018-18655

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...

4.3CVSS6.8AI score0.0084EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:44 a.m.•6 views

CVE-2022-0785

The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS7.2AI score0.09214EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 9:31 a.m.•9 views

CVE-2023-25705

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Go Prayer WP Prayer plugin = 1.9.6 versions...

5.9CVSS5.6AI score0.00369EPSS

Exploits0References1