Vulnerabilities > Feataholic

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-23 | CVE-2021-24668 | Cross-Site Request Forgery (CSRF) vulnerability in Feataholic MAZ Loader. The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack. | 4.3 |
| 2021-11-08 | CVE-2021-24669 | SQL Injection vulnerability in Feataholic MAZ Loader. The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection. (network; low complexity; feataholic; CWE-89) | 8.8 |