CVE-2022-2945

🗓️ 06 Sep 2022 17:19:01Reported by WordfenceType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 53 Views

WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter in alm_get_layout() function. Authenticated attackers with administrative permissions can read contents of arbitrary files on server, containing sensitive information

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2022-2945	6 Sep 202218:15	–	attackerkb
CNNVD	WordPress plugin Ajax Load More 路径遍历漏洞	6 Sep 202200:00	–	cnnvd
Cvelist	CVE-2022-2945 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Directory Traversal	6 Sep 202217:19	–	cvelist
EUVD	EUVD-2022-35166	3 Oct 202520:07	–	euvd
NVD	CVE-2022-2945	6 Sep 202218:15	–	nvd
OSV	CVE-2022-2945	6 Sep 202218:15	–	osv
Patchstack	WordPress Ajax Load More plugin <= 5.5.3 - Directory Traversal vulnerability	22 Aug 202200:00	–	patchstack
Prion	Directory traversal	6 Sep 202218:15	–	prion
Positive Technologies	PT-2022-19624 · WordPress · Wordpress Infinite Scroll – Ajax Load More	6 Sep 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-2945	22 May 202522:49	–	redhatcve

NVD

Vulners

Node

connekthq ajax_load_moreRange≤5.5.3wordpress

[
  {
    "vendor": "dcooney",
    "product": "Ajax Load More – Infinite Scroll, Load More, & Lazy Load",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "5.5.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.svn.wordpress.org/ajax-load-more/tags/5.5.4/README.txt
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/8957413c-95e0-49c8-ba8a-02b9b5141e08
gist	www.gist.github.com/Xib3rR4dAr/f9a4b4838154854ec6cde7d5deb76bf9
wordfence	www.wordfence.com/vulnerability-advisories/

08 Apr 2026 18:17Current

3.9Low risk

Vulners AI Score3.9

CVSS 3.12.7 - 4.9

EPSS0.00876

CWE-22