CVE-2020-13426: WordPress plugin vulnerability

Share this with people that should know this:

The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.

References

  • www.exploit-db.com/exploits/48532
  • 0day.today/exploit/34496
  • cxsecurity.com/issue/WLB-2020050235
  • infayer.com/archivos/448
  • packetstormsecurity.com/files/157867/WordPress-Multi-Scheduler-1.0.0-Cross-Site-Request-Forgery.html
  • research-labs.net/search/exploits/wordpress-plugin-multi-scheduler-100-cross-site-request-forgery-delete-user
  • twitter.com/UnD3sc0n0c1d0
  • wordpress.org/plugins/multi-scheduler/#developers
  • Share this with people that should know this: