PT-2024-28598 · WordPress · Pray For Me

Bob Matyas · Published 2024-06-14 · Updated 2024-10-28 · CVE-2024-3966

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Pray For Me WordPress plugin versions 1.0.0 through 1.0.4

Description: The issue allows unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin. This is due to the plugin not sanitising and escaping some parameters.

Recommendations: For Pray For Me WordPress plugin versions 1.0.0 through 1.0.4, update to a version that addresses the sanitisation and escaping of parameters to prevent Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-3966

Affected Products: Pray For Me