Cross-Site Request Forgery Vulnerability in WP Prayer Plugin for WordPress
CVE-2021-4412
4.3MEDIUM
Summary
The WP Prayer plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit Cross-Site Request Forgery (CSRF). This occurs due to inadequate nonce validation in the save() and export() functions. By tricking an administrator into clicking a malicious link, attackers can manipulate plugin settings and initiate data exports, undermining site integrity and posing significant security risks.
Affected Version(s)
WP Prayer * <= 1.6.5
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jerome Bruandet