12 matches found
CVE-2020-13426
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery CSRF vulnerability in the forms it presents, allowing the possibility of deleting records users when an ID is known...
CVE-2020-13426
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery CSRF vulnerability in the forms it presents, allowing the possibility of deleting records users when an ID is known...
Cross site request forgery (csrf)
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery CSRF vulnerability in the forms it presents, allowing the possibility of deleting records users when an ID is known...
CVE-2020-13426
CVE-2020-13426 affects WordPress with the Multi Scheduler plugin v1.0.0. The vulnerability is a Cross‑Site Request Forgery in the plugin’s forms, allowing an attacker to delete records (users) when a target ID is known. The root cause is CSRF protection failure in the plugin’s request handling. P...
CVE-2020-13426
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery CSRF vulnerability in the forms it presents, allowing the possibility of deleting records users when an ID is known...
WordPress Multi-Scheduler Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Multi-Scheduler is a scheduler plugin used in it. A cross-site request forgery vulnerability exists in WordPress Multi-Scheduler versio...
WordPress Multi-Scheduler 1.0.0 - Cross Site Request Forgery
WordPress Multi-Scheduler plugin version 1.0.0 suffers from a cross site request forgery vulnerability. Exploit Title: WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery Delete User Google Dork: N/A Date: 2020-05-21 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage:...
WordPress Multi-Scheduler 1.0.0 Plugin - Cross-Site Request Forgery (Delete User) Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery Delete User Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://www.bdtask.com/ Software Link: https://downloads.wordpress.org/plugin/multi-scheduler.1.0.0.z...
WordPress Multi-Scheduler 1.0.0 Cross Site Request Forgery
Exploit Title: WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery Delete User Google Dork: N/A Date: 2020-05-21 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://www.bdtask.com/ Software Link: https://downloads.wordpress.org/plugin/multi-scheduler.1.0.0.zip Category: Web...
WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)
Exploit Title: WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery Delete User Google Dork: N/A Date: 2020-05-21 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://www.bdtask.com/ Software Link: https://downloads.wordpress.org/plugin/multi-scheduler.1.0.0.zip Category: Web...
WordPress Multi Scheduler plugin <= 1.0.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by UnD3sc0n0c1d0 in WordPress Multi Scheduler plugin versions = 1.0.0. Solution This plugin has been closed as of June 1, 2020 and is not available for download. Reason: Security Issue...
Multi Scheduler <= 1.0.0 - Arbitrary Record Deletion via CSRF
The lack of CSRF check could allow attacker to delete arbitrary records from the plugin for example Professional ones via a CSRF attack. The issue is not patched, and has ben escalated to WP plugins team on May 29th, 2020 The PoC will be displayed once the issue has been remediated...