The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
CPE | Name | Operator | Version |
---|---|---|---|
multi-scheduler | eq | 1.0.0 |
0day.today/exploit/34496
cxsecurity.com/issue/WLB-2020050235
infayer.com/archivos/448
packetstormsecurity.com/files/157867/WordPress-Multi-Scheduler-1.0.0-Cross-Site-Request-Forgery.html
research-labs.net/search/exploits/wordpress-plugin-multi-scheduler-100-cross-site-request-forgery-delete-user
twitter.com/UnD3sc0n0c1d0
wordpress.org/plugins/multi-scheduler/
www.exploit-db.com/exploits/48532