Lucene search
K

130 matches found

Patchstack
Patchstack
added 2026/06/30 9:52 a.m.9 views

WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability

WordPress Ajax Load More - Filters plugin = 3.4.1 - Filters = 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by jonathan dunn in WordPress Plugin Ajax Load More - Filters versions = 3.4.1...

7.2CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 9:31 a.m.30 views

CVE-2026-8141 Ajax Load More - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting via 'taxonomy_include_children' Field

The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomyincludechildren' parameter in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

7.2CVSS0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 9:31 a.m.7 views

EUVD-2026-40274

The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomyincludechildren' parameter in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

7.2CVSS5.9AI score0.00261EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/11 12:57 p.m.9 views

WordPress Ajax Load More plugin < 7.8.4 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Ajax Load More versions 7.8.4...

7.1CVSS5.4AI score0.00184EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.17 views

CVE-2026-7665

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References1
NVD
NVD
added 2026/06/06 4:17 a.m.14 views

CVE-2026-7665

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS0.0515EPSS
Exploits1References14
EUVD
EUVD
added 2026/06/06 2:28 a.m.14 views

EUVD-2026-34950

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References14
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.11 views

CVE-2026-7665

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References15
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

WordPress plugin Essential Addons for Elementor – Popular Elementor Templates & Widgets 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.4AI score0.0515EPSS
Exploits1References15
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.7 views

CVE-2026-6495

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.4AI score0.00184EPSS
Exploits0References1
NVD
NVD
added 2026/05/18 7:16 a.m.31 views

CVE-2026-6495

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 6:0 a.m.15 views

EUVD-2026-30733

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.00184EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 6:0 a.m.13 views

CVE-2026-6495

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 6:0 a.m.9 views

CVE-2026-6495 Ajax Load More < 7.8.4 - Reflected XSS

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.8AI score0.00184EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/18 6:0 a.m.48 views

CVE-2026-6495 Ajax Load More < 7.8.4 - Reflected XSS

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 6:0 a.m.30 views

CVE-2026-6495

The CVE-2026-6495 entry concerns the Ajax Load More WordPress plugin and a Reflected XSS vulnerability in versions before 7.8.4 , caused by failure to sanitize/escape a parameter before output . This could affect high-privilege accounts (e.g., admins) if an attacker can induce the vulnerable para...

7.1CVSS5.8AI score0.00184EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.16 views

PT-2026-41638

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.8AI score0.00184EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/01 9:18 a.m.18 views

CVE-2025-15525

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2026/01/31 5:16 a.m.9 views

CVE-2025-15525

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

5.3CVSS0.00264EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/31 4:35 a.m.33 views

CVE-2025-15525 Ajax Load More – Infinite Scroll, Lazy Load & Load More <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

5.3CVSS0.00264EPSS
Exploits0References2
Rows per page
Query Builder