CVE-2022-2943

🗓️ 06 Sep 2022 17:19:02Reported by WordfenceType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 66 Views🌐 WEB

WordPress plugin up to 5.5.3 allows admin to download arbitrary server files

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2022-2943	6 Sep 202218:15	–	attackerkb
CNNVD	WordPress plugin Ajax Load More 路径遍历漏洞	6 Sep 202200:00	–	cnnvd
Cvelist	CVE-2022-2943 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read	6 Sep 202217:19	–	cvelist
EUVD	EUVD-2022-35164	3 Oct 202520:07	–	euvd
NVD	CVE-2022-2943	6 Sep 202218:15	–	nvd
OSV	CVE-2022-2943	6 Sep 202218:15	–	osv
Patchstack	WordPress Ajax Load More plugin <= 5.5.3 - Authenticated Arbitrary File Read vulnerability	22 Aug 202200:00	–	patchstack
Prion	Input validation	6 Sep 202218:15	–	prion
Positive Technologies	PT-2022-19603 · WordPress · Wordpress Infinite Scroll – Ajax Load More	6 Sep 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-2943	22 May 202522:46	–	redhatcve

NVD

Vulners

Node

connekthq ajax_load_moreRange<5.5.4wordpress

[
  {
    "vendor": "dcooney",
    "product": "Ajax Load More – Infinite Scroll, Load More, & Lazy Load",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "5.5.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/vulnerability-advisories/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/6d643d07-7533-430b-a1d8-8e66a2a2c5e6
plugins	www.plugins.svn.wordpress.org/ajax-load-more/tags/5.5.4/README.txt
gist	www.gist.github.com/Xib3rR4dAr/f9a4b4838154854ec6cde7d5deb76bf9

Parameter	Position	Path	Description	CWE
alm_repeaters_export_name	request body	wp-admin/admin.php?page=ajax-load-more-repeaters	Arbitrary file read via path traversal in alm_repeaters_export() allowing privileged admin to read server files (e.g., wp-config.php).	CWE-22

17 Jun 2026 04:42Current

4.9Medium risk

Vulners AI Score4.9

CVSS 3.14.9

EPSS0.01279

SSVC

CWE-22