cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-24668,https://securityvulnerability.io/vulnerability/CVE-2021-24668,MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF,"The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack",Wordpress,Maz Loader – Preloader Builder For WordPress,4.3,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2021-11-23T19:16:05.000Z,0
CVE-2021-24669,https://securityvulnerability.io/vulnerability/CVE-2021-24669,MAZ Loader < 1.3.3 - Contributor+ SQL Injection,"The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.",Wordpress,Maz Loader – Preloader Builder For WordPress,8.8,HIGH,0.001120000029914081,false,,false,false,false,,false,false,2021-11-08T17:34:59.000Z,0