Vulnerability Description
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bdtask | Multi-Scheduler | 1.0.0 |
Related Weaknesses (CWE)
References
- https://0day.today/exploit/34496 (Broken Link)
- https://cxsecurity.com/issue/WLB-2020050235 (Exploit, Third Party Advisory)
- https://infayer.com/archivos/448 (Exploit, Third Party Advisory)
- https://packetstormsecurity.com/files/157867/WordPress-Multi-Scheduler-1.0.0-Cro (Exploit, Third Party Advisory, VDB Entry)
- https://research-labs.net/search/exploits/wordpress-plugin-multi-scheduler-100-c (Exploit, Third Party Advisory)
- https://twitter.com/UnD3sc0n0c1d0 (Third Party Advisory)
- https://wordpress.org/plugins/multi-scheduler/#developers (Product, Third Party Advisory)
- https://www.exploit-db.com/exploits/48532 (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2020-13426?
CVE-2020-13426 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
How severe is CVE-2020-13426?
CVE-2020-13426 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-13426?
Check the references section above for vendor advisories and patch information. Affected products include: Bdtask Multi-Scheduler.