CVE-2021-24668

State: PUBLISHED · Published: 2021-11-23 · Updated: 2024-08-03 · Assigner: WPScan

Description

The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack

CWE

CWE-352 — CWE-352 Cross-Site Request Forgery (CSRF)

Affected

Unknown / MAZ Loader – Preloader Builder for WordPress — v=1.4.1 <1.4.1 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/519205ff-2ff6-41e4-9e95-475ab2ce35b9 x_refsource_MISC

Source

cvelistV5-main/cves/2021/24xxx/CVE-2021-24668.json