Feataholic

feataholic

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Maz Loader

maz_loader

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-24668 1Feataholic 1Maz Loader Jun 17, 2026 Nov 23, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack
CVE-2021-24669 1Feataholic 1Maz Loader Jun 17, 2026 Nov 8, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injecti...Show more The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-24668

1Feataholic

1Maz Loader

Jun 17, 2026

Nov 23, 2021

N/A· v4

4.3 MEDIUM· v3

4.3 MEDIUM· v2

The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack

CVE-2021-24669

1Feataholic

1Maz Loader

Jun 17, 2026

Nov 8, 2021

N/A· v4

8.8 HIGH· v3

6.5 MEDIUM· v2

The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injecti...Show more