WordPress Plugin Vulnerabilities

WP Prayer < 1.5.5 - Unauthorised AJAX call via CSRF

Description

The plugin did not properly check for CSRF in its wpe_ajax_call AJAX action, which then call other method dynamically, allowing attacker to make user perform unwanted actions

Affects Plugins

Plugin icon
wp-prayer
Fixed in 1.5.5

References

URL
https://plugins.trac.wordpress.org/changeset/2502789/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
08e9a4a8-9a8f-4b71-8b81-49e69936becd

Timeline

Publicly Published
2021-06-30 (about 4 years ago)
Added
2021-06-30 (about 4 years ago)
Last Updated
2021-06-30 (about 4 years ago)

Other

Published
Title
Published
2024-08-23
Title
Favicon Generator < 2.1 - Arbitrary File Upload via CSRF
Published
2021-12-29
Title
Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF
Published
2023-10-27
Title
WooHoo Newspaper Magazine Theme <= 2.5.3 - Settings Update via CSRF
Published
2023-10-17
Title
WP Radio <= 3.1.9 - CSRF
Published
2025-03-27
Title
Gift Message for WooCommerce < 1.7.9 - Cross-Site Request Forgery