CVE-2021-24669

State: PUBLISHED · Published: 2021-11-08 · Updated: 2024-08-03 · Assigner: WPScan

Description

The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.

CWE

CWE-89 — CWE-89 SQL Injection

Affected

Unknown / MAZ Loader – Preloader Builder for WordPress — v=1.3.3 <1.3.3 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/b97afbe8-c9ae-40a2-81e5-b1d7a6b31831 x_refsource_MISC

Source

cvelistV5-main/cves/2021/24xxx/CVE-2021-24669.json