The MAZ Loader – Preloader Builder for WordPress plugin prior to 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
feataholic maz loader |