Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Make and admin open a URL where `` is any valid prayer ID: https://example.com/wp-admin/admin.php?page=wpe_manage_prayer&doaction;=delete&prayer;_id=