Skip to main content

Ajax Load More

7 CVEs product

Monthly

CVE-2024-8505 MEDIUM PATCH This Month

The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Ajax Load More
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-4711 MEDIUM PATCH This Month

The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Ajax Load More
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-50874 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll - Ajax Load More allows Stored XSS.1.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ajax Load More
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-2945 MEDIUM POC This Month

The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout(). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Ajax Load More
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
1.0%
CVE-2022-2943 MEDIUM POC This Month

The WordPress Infinite Scroll - Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Path Traversal Ajax Load More
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-2433 HIGH PATCH This Week

The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress PHP Ajax Load More
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-24140 HIGH This Week

Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Ajax Load More
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Ajax Load More
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Ajax Load More
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll - Ajax Load More allows Stored XSS.1.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ajax Load More
NVD
EPSS 1% CVSS 4.9
MEDIUM POC This Month

The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout(). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Ajax Load More
NVD GitHub VulDB
EPSS 1% CVSS 4.9
MEDIUM POC This Month

The WordPress Infinite Scroll - Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Path Traversal +1
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress PHP +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP +1
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy