Lucene search
Bob MatyasWPVDB-ID:6968D43C-16FF-43A9-8451-71AABBE69014HistoryApr 24, 2024 - 12:00 a.m.
WP Prayer <= 2.0.9 - Settings Update via CSRF
2024-04-2400:00:00
Bob Matyas
wpscan.com
2
wordpress
csrf
vulnerability
security
update
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PoC
Make a logged in admin open a page containing:
Related
cve
cve
CVE-2024-3405
2024-05-15 06:15:09
vulnrichment
vulnrichment
CVE-2024-3405 WP Prayer <= 2.0.9 - Settings Update via CSRF
2024-05-15 06:00:02
nvd
nvd
CVE-2024-3405
2024-05-15 06:15:09
cvelist
cvelist
CVE-2024-3405 WP Prayer <= 2.0.9 - Settings Update via CSRF
2024-05-15 06:00:02
wpexploit
wpexploit
WP Prayer <= 2.0.9 - Settings Update via CSRF
2024-04-24 00:00:00
wordfence
wordfence
AI Score
6.4
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPVDB-ID:6968D43C-16FF-43A9-8451-71AABBE69014