CVE-2024-4758 – Muslim Prayer Time BD <= 2.4 - Settings Reset via CSRF

https://notcve.org/view.php?id=CVE-2024-4758

The Muslim Prayer Time BD WordPress plugin through 2.4 does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack El complemento Muslim Prayer Time BD de WordPress hasta la versión 2.4 no tiene activada la verificación CSRF al restablecer su configuración, lo que podría permitir a los atacantes hacer que un administrador que haya iniciado sesión los restablezca mediante un ataque CSRF. The Muslim Prayer Time BD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4. This is due to missing or incorrect nonce validation on the muslim-prayer-time-bd/admin-settings.php page. This makes it possible for unauthenticated attackers to reset settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/64ec57a5-35d8-4c69-bdba-096c2245a0db • CWE-352: Cross-Site Request Forgery (CSRF) •