6.5

CVE-2020-13426

Exploit

multi Scheduler <= 1.0.0 - Cross-Site Request Forgery

The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
Mögliche Gegenmaßnahme
multi Scheduler: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt multi Scheduler
Version *-1.0.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BdtaskMulti-scheduler Version1.0.0 SwPlatformwordpress
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.624
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://cxsecurity.com/issue/WLB-2020050235
Third Party Advisory
Exploit
https://infayer.com/archivos/448
Third Party Advisory
Exploit
https://twitter.com/UnD3sc0n0c1d0
Third Party Advisory
https://www.exploit-db.com/exploits/48532
Third Party Advisory
Exploit
VDB Entry