23 matches found
EUVD-2021-11581
Malware in sbrugna...
EUVD-2021-11580
Malware in sbrugna...
CVE-2021-24668
The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...
CVE-2021-24669
The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loaderid parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection...
CVE-2021-24668
The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...
CVE-2021-24668
The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...
Cross site request forgery (csrf)
The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...
CVE-2021-24668
The vulnerability CVE-2021-24668 affects the WordPress plugin MAZ Loader, specifically versions before 1.4.1. The root cause is missing nonce checks, enabling CSRF attacks that let an attacker cause administrators to delete arbitrary loaders. Impact is described as arbitrary loader deletion via C...
CVE-2021-24668 MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF
The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...
WordPress 跨站请求伪造漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin that stems from the MAZ Loader not...
WordPress Plugin SQL Injection Vulnerability (CNVD-2021-90321)
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The WordPress plugin is a WordPress open source application plugin. The WordPress plugin is vulnerable to SQL injection, which stems from the fact that The MAZ Loader plugin does not validate or...
CVE-2021-24669
The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loaderid parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection...
CVE-2021-24669
The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loaderid parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection...
Sql injection
The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loaderid parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection...
CVE-2021-24669 MAZ Loader < 1.3.3 - Contributor+ SQL Injection
The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loaderid parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection...
CVE-2021-24669
The CVE-2021-24669 entry corresponds to the WordPress MAZ Loader plugin (Preloader Builder) prior to version 1.3.3. The vulnerability is due to inadequate validation/escaping of the loader_id parameter in the mzldr shortcode, enabling SQL injection by users with as little as Contributor privilege...
WordPress SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The WordPress plugin is a WordPress open source application plugin. The WordPress plugin is vulnerable to SQL injection, which stems from the fact that The MAZ Loader plugin does not validate or...
WordPress MAZ Loader plugin <= 1.4.0 - Arbitrary Loader Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Loader Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by apple502j in WordPress MAZ Loader plugin versions = 1.4.0. Solution Update the WordPress MAZ Loader plugin to the latest available version at least 1.4.1...
MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF
The plugin does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack The vendor has been notified on August 24th, 2021, as well as escalated to the WP plugins team 3 times, no fix was made despite two new versions being released...
MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF
The plugin does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack The vendor has been notified on August 24th, 2021, as well as escalated to the WP plugins team 3 times, no fix was made despite two new versions being released. PoC...