🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

WP Prayer

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > WP Prayer

Information

Software Type	Plugin
Software Slug	wp-prayer (view on wordpress.org)
Software Status	Active
Software Author	abrg
Software Website	www.goministry.com
Software Downloads	62,856
Software Active Installs	900
Software Record Last Updated	April 19, 2024

7 Vulnerabilities

WP Prayer <= 1.6.1 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2021-24313

May 17, 2021

Researcher: Bastijn Ouwendijk

WP Prayer <= 1.6.5 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4412

Jun 8, 2021

Researcher: Jerome Bruandet

WP Prayer <= 1.5.4 - Cross-Site Request Forgery

4.3

CVE ID Unknown

Jun 30, 2021

Researcher: WPScanTeam

WP Prayer <= 1.9.6 - Authenticated(Admin+) Stored Cross-Site Scripting

5.5

CVE-2023-25705

Feb 14, 2023

Researcher: Rio Darmawan

WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Settings Update

4.3

CVE-2024-3405

Apr 24, 2024

Researcher: Bob Matyas

WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Email Settings Update

4.3

CVE-2024-3406

Apr 24, 2024

Researcher: Bob Matyas

WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Arbitrary Prayer Deletion

4.3

CVE-2024-3407

Apr 24, 2024

Researcher: Bob Matyas

Title	Status	CVE ID	CVSS	Researchers	Date
WP Prayer <= 1.6.1 - Authenticated Stored Cross-Site Scripting	Patched	CVE-2021-24313	6.4	Bastijn Ouwendijk	May 17, 2021
WP Prayer <= 1.6.5 - Cross-Site Request Forgery Bypass	Patched	CVE-2021-4412	4.3	Jerome Bruandet	June 8, 2021
WP Prayer <= 1.5.4 - Cross-Site Request Forgery	Patched		4.3	WPScanTeam	June 30, 2021
WP Prayer <= 1.9.6 - Authenticated(Admin+) Stored Cross-Site Scripting	Patched	CVE-2023-25705	5.5	Rio Darmawan	February 14, 2023
WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Settings Update	Unpatched	CVE-2024-3405	4.3	Bob Matyas	April 24, 2024
WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Email Settings Update	Unpatched	CVE-2024-3406	4.3	Bob Matyas	April 24, 2024
WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Arbitrary Prayer Deletion	Unpatched	CVE-2024-3407	4.3	Bob Matyas	April 24, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation