Vulnerabilities > Feataholic > MAZ Loader > 1.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-23 | CVE-2021-24668 | Cross-Site Request Forgery (CSRF) vulnerability in Feataholic MAZ Loader The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack | 4.3 |
2021-11-08 | CVE-2021-24669 | SQL Injection vulnerability in Feataholic MAZ Loader The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection. | 8.8 |