CVE-2021-4412

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jul 12, 2023

Updated: Nov 7, 2023

CWE ID 79

Summary

CVE-2021-4412 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WP Prayer plugin for WordPress. Versions up to and including 1.6.5 are susceptible to this issue. The root cause lies in the lack of proper nonce validation on the plugin's save() and export() functions. This flaw allows unauthenticated attackers to manipulate plugin settings and initiate a data export by deceiving an administrator into executing a malicious action, such as clicking on a link.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SPIP

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/krA_Ak
https://www.cve.org/CVERecord?id=CVE-2021-4412
https://nvd.nist.gov/vuln/detail/CVE-2021-4412

Back to Vulnerability Database

CVE-2021-4412

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations