WP-Safety

GoPrayer Security & Risk Analysis

wordpress.org/plugins/wp-prayers-request

An application that allows an organization share, update, and manage prayer requests.

300 active installs v2.4.9 PHP 5.2.4+ WP 5.0+ Updated Dec 20, 2025
biblechurchministryprayprayer
99
A · Safe
CVEs total2
Unpatched0
Last CVEMay 24, 2024
Plugin page Download
Safety Verdict

Is GoPrayer Safe to Use in 2026?

Generally Safe

Score 99/100

GoPrayer has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: May 24, 2024Updated 3mo ago
Risk Assessment

The "wp-prayers-request" plugin v2.4.9 exhibits a generally good security posture, adhering to several best practices. The static analysis reveals no dangerous functions, all SQL queries utilize prepared statements, and the vast majority of output is properly escaped. Importantly, there are no identified taint flows with unsanitized paths, indicating that data is likely handled safely within the code. The plugin also implements nonce checks on all identified entry points and has a relatively small attack surface without authentication. However, a significant concern arises from its vulnerability history. With two medium-severity CVEs, both of which were Cross-Site Request Forgery (CSRF) vulnerabilities, it suggests a pattern of insecure handling of user actions. While there are currently no unpatched vulnerabilities, this history points to potential weaknesses in enforcing proper authorization and validation for sensitive operations, which could be exploited if similar flaws are introduced in future updates. The lack of capability checks on AJAX handlers, despite nonce checks, is a potential area for improvement, as it relies solely on nonces for authorization which can sometimes be bypassed in certain scenarios.

Key Concerns

  • Two medium severity CSRF vulnerabilities in history
  • No capability checks on AJAX handlers
Vulnerabilities
2

GoPrayer Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2024-4751medium · 4.3Cross-Site Request Forgery (CSRF)

WP Prayer II <= 2.4.7 - Cross-Site Request Forgery to Settings Update

May 24, 2024 Patched in 2.4.8 (39d)
CVE-2024-4480medium · 4.3Cross-Site Request Forgery (CSRF)

WP Prayer II <= 2.4.7 - Cross-Site Request Forgery to Email Settings Update

May 24, 2024 Patched in 2.4.8 (39d)
Code Analysis
Analyzed Mar 16, 2026

GoPrayer Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
99 escaped
Nonce Checks
6
Capability Checks
0
File Operations
0
External Requests
8
Bundled Libraries
0

Output Escaping

99% escaped100 total outputs
Data Flows
All sanitized

Data Flow Analysis

6 flows
<upr_email_settings> (inc\upr_email_settings.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

GoPrayer Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 4

authwp_ajax_ajax_pray_responseuser-prayers-request.php:35
noprivwp_ajax_ajax_pray_responseuser-prayers-request.php:36
authwp_ajax_ajax_do_prayuser-prayers-request.php:37
noprivwp_ajax_ajax_do_prayuser-prayers-request.php:38

Shortcodes 2

[upr_form] inc\upr_shortcode.php:34
[upr_list_prayers] inc\upr_shortcode.php:36
WordPress Hooks 13
actioninitinc\upr_shortcode.php:24
filterwp_mail_frominc\upr_shortcode.php:186
filterwp_mail_from_nameinc\upr_shortcode.php:187
filterwp_mail_frominc\upr_shortcode.php:227
filterwp_mail_from_nameinc\upr_shortcode.php:228
filterwp_mailinc\upr_shortcode.php:229
actionadmin_menuuser-prayers-request.php:22
actioninituser-prayers-request.php:28
actionadd_meta_boxesuser-prayers-request.php:29
actionsave_post_prayersuser-prayers-request.php:30
actionwp_enqueue_scriptsuser-prayers-request.php:31
filtermanage_prayers_posts_columnsuser-prayers-request.php:41
actionmanage_prayers_posts_custom_columnuser-prayers-request.php:42
Maintenance & Trust

GoPrayer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 20, 2025
PHP min version5.2.4
Downloads26K

Community Trust

Rating100/100
Number of ratings1
Active installs300
Alternatives

GoPrayer Alternatives

GoPray

GoPray

gopray

A
100

Prayer request application to allow users to submit requests or pray for existing requests

100 No CVEs
Church Content – Sermons, Events and More

Church Content – Sermons, Events and More

church-theme-content

A
99

Provides an interface for managing sermons, events, people and locations. A compatible theme is required for presenting content from these church-cent &hellip;

4K 1 CVE
Daily Prayer Time

Daily Prayer Time

daily-prayer-time-for-mosques

A
91

Display prayer time in any screen, in any language and many more.

1K 6 CVEs
Salat Times

Salat Times

salat-times

A
100

Salat (Namaz) timetable for any location around the world!

600 1 CVE
Muslim Prayer Time-Salah/Iqamah

Muslim Prayer Time-Salah/Iqamah

masjidal

A
91

Display the prayer(Athan) and/or Iqamah time for you masjid or location. Use as a widget or use the short codes and format it as you like.

400 1 CVE
Developer Profile

GoPrayer Developer Profile

Kim Gow

3 plugins · 450 total installs

88
trust score
Avg Security Score
100/100
Avg Patch Time
39 days
View full developer profile
Detection Fingerprints

How We Detect GoPrayer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-prayers-request/assets/css/pray-style.css/wp-content/plugins/wp-prayers-request/assets/js/pray-script.js
Script Paths
/wp-content/plugins/wp-prayers-request/assets/js/pray-script.js
Version Parameters
wp-prayers-request/assets/css/pray-style.css?ver=wp-prayers-request/assets/js/pray-script.js?ver=

HTML / DOM Fingerprints

Shortcode Output
[prayers_form][prayers_list][prayers_view]
FAQ

Frequently Asked Questions about GoPrayer