RSS   Podatności dla 'Maz loader'   RSS

2021-11-23
 
CVE-2021-24668

CWE-352
 

 
The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack

 
2021-11-08
 
CVE-2021-24669

CWE-89
 

 
The MAZ Loader ??�??�?? Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.

 


Copyright 2024, cxsecurity.com

 

Back to Top