CVE-2021-24669

CVE-2021-24669: MAZ Loader < 1.3.3 - Contributor+ SQL Injection

Vendor Unknown
Product MAZ Loader – Preloader Builder for WordPress
Weakness CWE-89 · SQLi
Published November 8, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.

Key dates

02Disclosure timeline

November 8, 2021 CVE published
August 3, 2024 Record updated