← back
CVE-2021-24669

MAZ Loader < 1.3.3 - Contributor+ SQL Injection

EPSS 1.3%CWE-89
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Nov 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.
Affected products
Unknown · MAZ Loader – Preloader Builder for WordPress

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/b97afbe8-c9ae-40a2-81e5-b1d7a6b31831