CVE-2021-24669

Published: 2021-11-08T18:15Z

Last Modified: 2024-11-21T05:53Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt