Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Maz_loader
(Feataholic)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-11-08 | CVE-2021-24669 | The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection. | Maz_loader | 8.8 | ||
| 2021-11-23 | CVE-2021-24668 | The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack | Maz_loader | 4.3 |