WordPress Plugin Vulnerabilities

WP Prayer < 1.5.5 - Unauthorised AJAX call via CSRF

Description

The plugin did not properly check for CSRF in its wpe_ajax_call AJAX action, which then call other method dynamically, allowing attacker to make user perform unwanted actions

Affects Plugins

wp-prayer

Fixed in version 1.5.5

References

URL

https://plugins.trac.wordpress.org/changeset/2502789/

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

08e9a4a8-9a8f-4b71-8b81-49e69936becd

Timeline

Publicly Published

2021-06-30 (about 1 years ago)

Added

2021-06-30 (about 1 years ago)

Last Updated

2021-06-30 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin