CVE-2024-3405Cross-Site Request Forgery in WP Prayer

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
7.6HIGHNVD
EPSS
0.2%
top 59.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Goprayer WP Prayer
Timeline
PublishedMay 15

Description

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:NExploitability: 2.3 | Impact: 4.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-rm3h-m7rx-3jrq: The WP Prayer WordPress plugin through 22024-05-15
CVEList
WP Prayer <= 2.0.9 - Settings Update via CSRF2024-05-15
CVE-2024-3405 — Cross-Site Request Forgery in WP Prayer | cvebase