Filtered by vendor Feataholic
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24669 | 1 Feataholic | 1 Maz Loader | 2024-11-21 | 8.8 High |
| The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection. | ||||
| CVE-2021-24668 | 1 Feataholic | 1 Maz Loader | 2024-11-21 | 4.3 Medium |
| The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack | ||||
Page 1 of 1.