CVE-2021-24669

Name of the Vulnerable Software and Affected Versions MAZ Loader – Preloader Builder for WordPress plugin versions prior to 1.3.3

Description The issue concerns the MAZ Loader – Preloader Builder for WordPress plugin, where the loader id parameter of the mzldr shortcode is not properly validated or escaped. This allows users with a role as low as Contributor to perform SQL injection.

Recommendations For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the mzldr shortcode for users with low roles to minimize the risk of exploitation.