2 matches found
WP Prayer II <= 2.4.7 - Settings Update via CSRF
Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
PoC: Have an admin open an HTML file containing:...
WordPress WP Prayer II Plugin <= 2.4.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Prayer II
Type: Plugin
Vulnerable versions: <= 2.4.7
Fixed in: N/A
OWASP Top 10: A5: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2024-4480
Patch priority: Low
CVSS severity: Low (4.3)
PSID: 4976d5ae1cf6
Credits: Bob Matyas
Required...