CVE-2021-24669
N/A
N/A
Summary
The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | MAZ Loader – Preloader Builder for WordPress | 1.3.3 < 1.3.3 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.