The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attackCreditsapple502jReferenceshttps://wpscan.com/vulnerability/519205ff-2ff6-41e4-9e95-475ab2ce35b9
