CVE-2024-3406Cross-Site Request Forgery in WP Prayer

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 46.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Goprayer WP Prayer
Timeline
PublishedMay 15

Description

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
WP Prayer <= 2.0.9 - Email Settings Update via CSRF2024-05-15
GHSA
GHSA-x989-xh8p-mqvh: The WP Prayer WordPress plugin through 22024-05-15
CVE-2024-3406 — Cross-Site Request Forgery in WP Prayer | cvebase