The lack of a CSRF check could allow an attacker to delete arbitrary records from the plugin (for example, Professional ones) via a CSRF attack. The issue is not patched, and was escalated to the WP plugins team on May 29th, 2020.
The PoC will be displayed once the issue has been remediated.
CPE

Name | Operator | Version |
---|---|---|
multi-scheduler | eq | * |