VYPR

Pray For Me

by WordPress

CVEs (2)

  • CVE-2024-3966MedJun 14, 2024
    risk 0.40cvss 6.1epss 0.00

    The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin

  • CVE-2024-3965MedJun 14, 2024
    risk 0.35cvss 5.4epss 0.00

    The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack