CVE-2021-24313

CVE-2021-24313: WP Prayer < 1.6.2 - Authenticated Stored Cross-Site Scripting (XSS)

Vendor Unknown

Product WP Prayer

Weakness CWE-79 · XSS

Published June 1, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WP Prayer WordPress plugin before 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by using the WP Prayer engine. An authenticated WordPress user with any role can fill in the form to request a prayer. The form to request prayers or praises have several fields. The 'prayer request' and 'praise request' fields do not use proper input validation and can be used to store XSS payloads.

Key dates

02Disclosure timeline

June 1, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24313 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-15052 code-projects Student Information System profile.php cross site scripting CVE-2025-64354 WordPress Gutenberg plugin <= 21.8.2 - Cross Site Scripting (XSS) vulnerability CVE-2023-22684 WordPress Subscribers – Free Web Push Notifications Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) CVE-2024-21328 Dynamics 365 Sales Spoofing Vulnerability CVE-2023-32582 WordPress Don8 Plugin <= 0.4 is vulnerable to Cross Site Scripting (XSS)