WordPress Advanced AJAX Product Filters plugin <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility vulnerability

Authenticated Author+ PHP Object Injection via Live Composer Compatibility vulnerability discovered by WordFence in WordPress Plugin Advanced AJAX Product Filters versions = 3.1.9.6...

CVE-2026-1426 Advanced AJAX Product Filters <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcodecheck function within the Live Composer compatibility layer. This makes it possible for authenticated...

EUVD-2021-11344

Malware in sbrugna...

CVE-2025-1505

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.6.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-1505 Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.6.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

WordPress Advanced AJAX Page Loader plugin <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload vulnerability

Cross-Site Request Forgery to Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin Advanced AJAX Page Loader versions = 2.7.7...

WordPress Advanced AJAX Page Loader Plugin <= 2.7.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Advanced AJAX Page Loader Type Plugin Vulnerable versions = 2.7.7 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6310 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID b14ebfbe3313 Credits István Márto...

WordPress plugin Advanced AJAX Page Loader security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2021-24432

The CVE-2021-24432 entry relates to the WordPress plugin Advanced AJAX Product Filters. The connected documents confirm a vulnerability in the br_aapf_get_child AJAX action where the POST parameter term_id is not sanitized before being output, causing unauthenticated reflected XSS. Affected versi...

WordPress advanced-ajax-page-loader plugin permissions permission and access control issues vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. advanced-ajax-page-loader is an AJAX page loading plugin used in it. The WordPress advanced-ajax-page-loader plugin is...

CVE-2016-10929

The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in...

CVE-2016-10929

The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in...

CVE-2016-10929

The CVE-2016-10929 entry concerns the WordPress plugin “advanced-ajax-page-loader” prior to version 2.7.7. The vulnerability is that there is no protection against reading uploaded files when the user is not logged in, enabling unauthenticated access to uploaded content. The available connected d...