CVE-2020-13426

Summary

CVE	CVE-2020-13426
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-06-22 18:15:00 UTC
Updated	2020-06-26 16:16:00 UTC
Description	The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.

Risk And Classification

Problem Types: CWE-352

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Bdtask	Multi-scheduler	1.0.0	All	All	All
Application	Bdtask	Multi-scheduler	1.0.0	All	All	All

References

Reference	Source	Link	Tags
WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User) - Research Labs	MISC	research-labs.net	Exploit, Third Party Advisory
Juampa Rodríguez (@UnD3sc0n0c1d0) \| Twitter	MISC	twitter.com	Third Party Advisory
multi Scheduler – WordPress plugin \| WordPress.org	MISC	wordpress.org	Product, Third Party Advisory
WordPress Multi-Scheduler 1.0.0 Cross Site Request Forgery ≈ Packet Storm	MISC	packetstormsecurity.com	Exploit, Third Party Advisory, VDB Entry
WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User) - PHP webapps Exploit	EXPLOIT-DB	www.exploit-db.com	Exploit, Third Party Advisory, VDB Entry
WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User) - CXSecurity.com	MISC	cxsecurity.com	Exploit, Third Party Advisory
Access denied \| 0day.today used Cloudflare to restrict access	MISC	0day.today	Broken Link
[CVE-2020-13426] WordPress Plugin Multi-Scheduler 1.0.0 – Cross-Site Request Forgery – Infayer	MISC	infayer.com	Exploit, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.