2 matches found
CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...
CVE-2022-2433
The CVE in question affects the WordPress plugin WordPress Infinite Scroll – Ajax Load More (up to and including version 5.5.3). The root cause is deserialization of untrusted input via the alm_repeaters_export parameter, which can be exploited by unauthenticated users after the site admin perfor...