wpexploit | Apple502j | WPEX-ID:519205FF-2FF6-41E4-9E95-475AB2CE35B9
History: Oct 25, 2021 - 12:00 a.m.

MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF

maz loader
csrf vulnerability
arbitrary deletion

EPSS: 0.001 (Percentile: 27.6%)

The plugin does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack. The vendor was notified on August 24th, 2021, and the issue was escalated to the WP plugins team 3 times; no fix was made despite two new versions being released.

https://example.com/wp-admin/admin.php?page=maz-loader-list&action=delete&id=1
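Because the request above carries no nonce, a forged delete looks the same as a legitimate one except for where it came from. The following added example (not part of the original advisory) scans web server access logs for delete requests to this endpoint whose Referer is missing or points off-site. It assumes Combined Log Format and a site host of `example.com`; the log lines are constructed, and the Referer check is a heuristic, since browsers may strip the header.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: "<METHOD> <target> <proto>" <status> <bytes> "<referer>"
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def suspicious_deletes(lines, site_host):
    """Return (loader_id, referer) for MAZ Loader delete requests
    that were not referred from a page on site_host."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m["target"])
        query = parse_qs(url.query)
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        if query.get("page") != ["maz-loader-list"]:
            continue
        if query.get("action") != ["delete"]:
            continue
        # hostname is None when the Referer is "-" or empty
        ref_host = urlsplit(m["referer"]).hostname
        if ref_host != site_host.lower():
            hits.append((query.get("id", ["?"])[0], m["referer"]))
    return hits

# Constructed sample log lines (not taken from a real server).
_FMT = ('203.0.113.5 - - [25/Oct/2021:10:00:0{n} +0000] '
        '"GET {path} HTTP/1.1" 302 0 "{ref}" "Mozilla/5.0"')
_BASE = "/wp-admin/admin.php?page=maz-loader-list"
SAMPLE = [
    # Admin clicks "delete" from the plugin's own list page: same-site Referer.
    _FMT.format(n=1, path=_BASE + "&action=delete&id=1",
                ref="https://example.com" + _BASE),
    # Delete triggered from a third-party page: cross-site Referer.
    _FMT.format(n=2, path=_BASE + "&action=delete&id=2",
                ref="https://attacker.invalid/page.html"),
    # Delete with no Referer at all.
    _FMT.format(n=3, path=_BASE + "&action=delete&id=3", ref="-"),
    # Plain list view, no state change.
    _FMT.format(n=4, path=_BASE, ref="https://example.com/wp-admin/"),
]

if __name__ == "__main__":
    for loader_id, referer in suspicious_deletes(SAMPLE, "example.com"):
        print(f"loader id={loader_id} deleted with referer {referer!r}")
```
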
