wpvulndb | Bob Matyas | WPVDB-ID:C1E5DEE9-C540-4CC1-8B94-C6D1650B52D3
History: May 24, 2024 - 12:00 a.m.

WP Prayer II <= 2.4.7 - Email Settings Update via CSRF

2024-05-24 00:00:00
Bob Matyas
wpscan.com
csrf attack
wordpress
email settings

AI Score: 6.2 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Description

The plugin does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PoC

Have an admin open an HTML file containing:
