CVE-2024-3407

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 79.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown WP PrayerGoprayer WP Prayer
Timeline
PublishedMay 15

Description

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5unknown/wp_prayer2.0.9

🔴Vulnerability Details

2
CVEList
WP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRF2024-05-15
GHSA
GHSA-53j6-rqp4-4h6m: The WP Prayer WordPress plugin through 22024-05-15
CVE-2024-3407 (MEDIUM CVSS 5.3) | The WP Prayer WordPress plugin thro | cvebase.io