Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prayer project prayer vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2018-18655
Prayer up to and including 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.
Prayer Project Prayer
NA
CVE-2014-7546
The Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Buddhist Prayer Project Buddhist Prayer 3
5.4
CVSSv3
CVE-2023-27631
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions.
Daily Prayer Time Project Daily Prayer Time
8.8
CVSSv3
CVE-2023-27632
Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions.
Daily Prayer Time Project Daily Prayer Time
5.4
CVSSv3
CVE-2021-24523
The Daily Prayer Time WordPress plugin prior to 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issues.
Daily Prayer Time Project Daily Prayer Time
9.8
CVSSv3
CVE-2022-0785
The Daily Prayer Time WordPress plugin prior to 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection
Daily Prayer Time Project Daily Prayer Time
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started