Goprayer Wp_prayer
6 CVEs affecting Goprayer Wp_prayer. Latest disclosed: 2024-05-15. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-3406 | High | 8.8 | 2024-05-15 | The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged i… |
CVE-2024-3405 | High | 7.6 | 2024-05-15 | The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admi… |
CVE-2023-25705 | Medium | 5.9 | 2023-04-07 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go Prayer WP Prayer plugin <= 1.9.6 versions. |
CVE-2021-24313 | Medium | 5.4 | 2021-06-01 | The WP Prayer WordPress plugin before 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored pr… |
CVE-2024-3407 | Medium | 5.3 | 2024-05-15 | The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted act… |
CVE-2021-4412 | Medium | 4.3 | 2023-07-12 | The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect non… |