← volver
CVE-2020-13426

CVE-2020-13426

EPSS 1.2%
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://0day.today/exploit/34496https://cxsecurity.com/issue/WLB-2020050235https://infayer.com/archivos/448https://packetstormsecurity.com/files/157867/WordPress-Multi-Scheduler-1.0.0-Cross-Site-Request-Forgery.htmlhttps://research-labs.net/search/exploits/wordpress-plugin-multi-scheduler-100-cross-site-request-forgery-delete-userhttps://twitter.com/UnD3sc0n0c1d0https://wordpress.org/plugins/multi-scheduler/#developershttps://www.exploit-db.com/exploits/48532