Medium severity5.4NVD Advisory· Published Jun 1, 2021· Updated Jun 17, 2026
CVE-2021-24313
CVE-2021-24313
Description
The WP Prayer WordPress plugin before 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by using the WP Prayer engine. An authenticated WordPress user with any role can fill in the form to request a prayer. The form to request prayers or praises have several fields. The 'prayer request' and 'praise request' fields do not use proper input validation and can be used to store XSS payloads.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WP Prayerdescription
Patches
Vulnerability mechanics
References
2- bastijnouwendijk.com/cve-2021-24313/nvdExploitTechnical DescriptionThird Party Advisory
- wpscan.com/vulnerability/c7ab736d-27c4-4ec5-9681-a3f0dda86586nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.