Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Make and admin open a URL where `<PRAYER_ID>` is any valid prayer ID:
https://example.com/wp-admin/admin.php?page=wpe_manage_prayer&doaction=delete&prayer_id=<PRAYER_ID>