Security Advisory

CVE-2021-24669

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-08 17:34:59

Last updated 2024-08-03 19:42:16

Assigner WPScan

State PUBLISHED

Description

The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.

← Browse all CVEs View on cve.org ↗