Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.7 views

CVE-2026-6495

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.4AI score0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-9400

Malware in sbrugna...

8.8CVSS6.3AI score0.00984EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/07/24 1:30 p.m.9 views

CVE-2015-10140

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files...

8.8CVSS6.5AI score0.00984EPSS
Exploits1References1
NVD
NVD
added 2025/07/22 2:15 p.m.9 views

CVE-2015-10140

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files...

8.8CVSS0.00984EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/07/22 1:20 p.m.7 views

CVE-2015-10140 Ajax Load More < 2.8.1.2 - Subscriber+ File Upload & Deletion

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files...

6.6AI score0.00984EPSS
Exploits1References1
CVE
CVE
added 2025/07/22 1:20 p.m.19 views

CVE-2015-10140

The CVE concerns the WordPress Ajax Load More plugin before version 2.8.1.2, which contains an authorization flaw in certain AJAX actions. This permits any authenticated user (e.g., a subscriber) to upload and delete arbitrary files. Affected component: Ajax Load More WordPress plugin; root cause...

8.8CVSS6.6AI score0.00984EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/08 7:19 a.m.16 views

CVE-2025-5586

The WordPress Ajax Load More and Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

6.4CVSS5.7AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.12 views

CVE-2021-24140

Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep5=test...

7.2CVSS8.1AI score0.01205EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/09/06 5:18 p.m.46 views

CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...

7.5CVSS8.8AI score0.01251EPSS
Exploits0References4
NVD
NVD
added 2021/03/18 3:15 p.m.25 views

CVE-2021-24140

Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep5&type=test...

7.2CVSS0.01205EPSS
Exploits1References1
Rows per page
Query Builder