Medium severity6.5NVD Advisory· Published Jun 22, 2020· Updated Jun 17, 2026No known patch
CVE-2020-13426
No known patch is available for this vulnerability.
The affected plugin has been removed from the WordPress.org directory (reason: Security Issue), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
CVE-2020-13426
Description
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Multi-Scheduler plugindescription
- Range: = 1.0.0
Patches
Vulnerability mechanics
References
8- cxsecurity.com/issue/WLB-2020050235nvdExploitThird Party Advisory
- infayer.com/archivos/448nvdExploitThird Party Advisory
- packetstormsecurity.com/files/157867/WordPress-Multi-Scheduler-1.0.0-Cross-Site-Request-Forgery.htmlnvdExploitThird Party AdvisoryVDB Entry
- research-labs.net/search/exploits/wordpress-plugin-multi-scheduler-100-cross-site-request-forgery-delete-usernvdExploitThird Party Advisory
- www.exploit-db.com/exploits/48532nvdExploitThird Party AdvisoryVDB Entry
- twitter.com/UnD3sc0n0c1d0nvdThird Party Advisory
- wordpress.org/plugins/multi-scheduler/nvdProductThird Party Advisory
- 0day.today/exploit/34496nvdBroken Link
News mentions
0No linked articles in our index yet.