← Back

Maz Loader

maz_loader

Vendor: Feataholic • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24668
1Feataholic
1Maz Loader
Jun 17, 2026
Nov 23, 2021
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack
CVE-2021-24669
1Feataholic
1Maz Loader
Jun 17, 2026
Nov 8, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injecti...Show more
The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.Show less