mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 23:27:33 +02:00
0xMarcio
1011 B
1011 B
CVE-2020-13426
Description
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
POC
Reference
- https://0day.today/exploit/34496
- https://cxsecurity.com/issue/WLB-2020050235
- https://infayer.com/archivos/448
- https://packetstormsecurity.com/files/157867/WordPress-Multi-Scheduler-1.0.0-Cross-Site-Request-Forgery.html
- https://research-labs.net/search/exploits/wordpress-plugin-multi-scheduler-100-cross-site-request-forgery-delete-user
- https://www.exploit-db.com/exploits/48532
Github
No PoCs found on GitHub currently.