CVE-2020-13426

2020-06-2217:09:19

mitre

www.cve.org

0.015 Low

EPSS

Percentile

86.8%

JSON

The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.

References

0day.today/exploit/34496

cxsecurity.com/issue/WLB-2020050235

infayer.com/archivos/448

packetstormsecurity.com/files/157867/WordPress-Multi-Scheduler-1.0.0-Cross-Site-Request-Forgery.html

research-labs.net/search/exploits/wordpress-plugin-multi-scheduler-100-cross-site-request-forgery-delete-user

twitter.com/UnD3sc0n0c1d0

wordpress.org/plugins/multi-scheduler/#developers

www.exploit-db.com/exploits/48532

0.015 Low

EPSS

Percentile

86.8%

JSON

Related for CVELIST:CVE-2020-13426