Description
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
Exploits (1)
References (8)
Scores
CVSS v3
6.5
EPSS
0.0044
EPSS Percentile
63.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (1)
bdtask/multi-scheduler
1.0.0
Published
Jun 22, 2020
Tracked Since
Feb 18, 2026