Lucene search
+L

119 matches found

Vulnrichment
Vulnrichment
added 2022/09/06 5:18 p.m.8 views

CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...

7.5CVSS8.6AI score0.01251EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.10 views

PT-2022-19624 · WordPress · Wordpress Infinite Scroll – Ajax Load More

Name of the Vulnerable Software and Affected Versions: WordPress Infinite Scroll – Ajax Load More plugin versions up to, and including, 5.5.3 Description: The issue allows authenticated attackers with administrative permissions to read the contents of arbitrary files on the server, potentially...

4.9CVSS3.5AI score0.01501EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/09/06 12:0 a.m.6 views

WordPress plugin WordPress Infinite Scroll – Ajax Load More 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPress Infinite...

8.8CVSS8.1AI score0.01251EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.9 views

PT-2022-16612 · WordPress · Wordpress Infinite Scroll – Ajax Load More

Name of the Vulnerable Software and Affected Versions: WordPress Infinite Scroll – Ajax Load More plugin versions up to, and including 5.5.3 Description: The issue allows deserialization of untrusted input via the alm repeaters export parameter. This enables unauthenticated users to potentially...

8.8CVSS8.7AI score0.01251EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.5 views

PT-2022-19603 · WordPress · Wordpress Infinite Scroll – Ajax Load More

Name of the Vulnerable Software and Affected Versions: WordPress Infinite Scroll – Ajax Load More plugin versions up to, and including, 5.5.3 Description: The issue allows authenticated attackers with administrative privileges to download arbitrary files hosted on the server due to insufficient...

4.9CVSS5AI score0.01355EPSS
Exploits2References8
Snyk
Snyk
added 2022/08/19 8:11 a.m.1 views

Malicious Package

Overview ngx-infinite-scroll-fixed is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8CVSS7.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 9:13 p.m.4 views

Malicious code in vue3-infinite-scroll (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5723a78269b09096a17fe980684f1db2efd8c680ecb273f0b72277a1d005e3df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 9:13 p.m.9 views

MAL-2022-7000 Malicious code in vue3-infinite-scroll (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5723a78269b09096a17fe980684f1db2efd8c680ecb273f0b72277a1d005e3df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Patchstack
Patchstack
added 2021/09/19 12:0 a.m.16 views

WordPress Catch Infinite Scroll plugin <= 1.8.1 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Infinite Scroll plugin versions = 1.8.1. Solution Update the WordPress Catch Infinite Scroll plugin to the latest available version at least 1.9...

5.7CVSS2.7AI score0.00408EPSS
Exploits2References3Affected Software1
CNVD
CNVD
added 2015/02/10 12:0 a.m.7 views

Drupal GD Infinite Scroll Module Cross-Site Scripting Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.GD Infinite Scroll is one of the automatic paging modules used to automatically load the next page of content when scrolling a web page. A cross-site scripting vulnerability exists in t...

4.3CVSS6AI score0.01148EPSS
Exploits0References1
CNVD
CNVD
added 2015/02/10 12:0 a.m.5 views

Drupal GD Infinite Scroll Module Cross-Site Request Forgery Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.GD Infinite Scroll is one of the automatic paging modules used to automatically load the next page of content when scrolling a web page. A cross-site request forgery vulnerability exist...

6.8CVSS7.1AI score0.00636EPSS
Exploits0References1
NVD
NVD
added 2015/02/09 5:59 p.m.28 views

CVE-2015-1568

Cross-site request forgery CSRF vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scroll settings" permission for requests that delete settings via unspecified vectors...

6.8CVSS7.1AI score0.00636EPSS
Exploits0References3
NVD
NVD
added 2015/02/09 5:59 p.m.17 views

CVE-2015-1567

Cross-site scripting XSS vulnerability in the admin page in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote authenticated users with the "edit gd infinite scroll settings" permission to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.3AI score0.01148EPSS
Exploits0References3
Prion
Prion
added 2015/02/09 5:59 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in the admin page in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote authenticated users with the "edit gd infinite scroll settings" permission to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.6AI score0.01148EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2015/02/09 5:59 p.m.15 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scroll settings" permission for requests that delete settings via unspecified vectors...

6.8CVSS7.5AI score0.00636EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/02/09 5:0 p.m.32 views

CVE-2015-1568

Cross-site request forgery CSRF vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scroll settings" permission for requests that delete settings via unspecified vectors...

7.1AI score0.00636EPSS
Exploits0References3
CVE
CVE
added 2015/02/09 5:0 p.m.51 views

CVE-2015-1568

The CVE-2015-1568 entry concerns the Drupal GD Infinite Scroll contributed module, affected versions prior to 7.x-1.4. It describes a Cross-Site Request Forgery (CSRF) vulnerability that allows remote attackers to hijack the authentication of users who have the permission to edit GD Infinite Scro...

6.8CVSS7.3AI score0.00636EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/02/09 5:0 p.m.27 views

CVE-2015-1567

Cross-site scripting XSS vulnerability in the admin page in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote authenticated users with the "edit gd infinite scroll settings" permission to inject arbitrary web script or HTML via unspecified vectors...

5.3AI score0.01148EPSS
Exploits0References3
Drupal
Drupal
added 2015/01/28 12:0 a.m.31 views

SA-CONTRIB-2015-031 - GD Infinite Scroll - Multiple vulnerabilites

GD Infinite Scroll module enables you to use the "infinite scroll jQuery plugin : auto-pager" on custom pages. Some links were not protected against CSRF. A malicious user could cause another user with the "edit gd infinite scroll settings" permission to delete settings by getting his browser to...

6.8CVSS5.5AI score0.01148EPSS
Exploits0References10
Rows per page
Query Builder