CVE-2020-13426

MEDIUM

WordPress Multi-Scheduler <1.0.0 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-13426. PoCs published by UnD3sc0n0c1d0.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in the WordPress Multi-Scheduler plugin 1.0.0, allowing an attacker to delete a user by tricking an authenticated admin into submitting a malicious form. The PoC is a simple HTML form that submits a POST request with the target user's ID.

Description

The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.

Exploits (1)

exploitdb WORKING POC

by UnD3sc0n0c1d0 · textwebappsphp

https://www.exploit-db.com/exploits/48532

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in the WordPress Multi-Scheduler plugin 1.0.0, allowing an attacker to delete a user by tricking an authenticated admin into submitting a malicious form. The PoC is a simple HTML form that submits a POST request with the target user's ID.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: WordPress Multi-Scheduler plugin 1.0.0

Auth required

Prerequisites: Target user ID · Authenticated admin session

MITRE ATT&CK