Cross-Site Request Forgery Vulnerability in WP Prayer Plugin for WordPress
CVE-2021-4412
4.3MEDIUM
What is CVE-2021-4412?
The WP Prayer plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit Cross-Site Request Forgery (CSRF). This occurs due to inadequate nonce validation in the save() and export() functions. By tricking an administrator into clicking a malicious link, attackers can manipulate plugin settings and initiate data exports, undermining site integrity and posing significant security risks.
Affected Version(s)
WP Prayer * <= 1.6.5