119 matches found
CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...
PT-2022-19624 · WordPress · Wordpress Infinite Scroll – Ajax Load More
Name of the Vulnerable Software and Affected Versions: WordPress Infinite Scroll – Ajax Load More plugin versions up to, and including, 5.5.3 Description: The issue allows authenticated attackers with administrative permissions to read the contents of arbitrary files on the server, potentially...
WordPress plugin WordPress Infinite Scroll – Ajax Load More 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPress Infinite...
PT-2022-16612 · WordPress · Wordpress Infinite Scroll – Ajax Load More
Name of the Vulnerable Software and Affected Versions: WordPress Infinite Scroll – Ajax Load More plugin versions up to, and including 5.5.3 Description: The issue allows deserialization of untrusted input via the alm repeaters export parameter. This enables unauthenticated users to potentially...
PT-2022-19603 · WordPress · Wordpress Infinite Scroll – Ajax Load More
Name of the Vulnerable Software and Affected Versions: WordPress Infinite Scroll – Ajax Load More plugin versions up to, and including, 5.5.3 Description: The issue allows authenticated attackers with administrative privileges to download arbitrary files hosted on the server due to insufficient...
Malicious Package
Overview ngx-infinite-scroll-fixed is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious code in vue3-infinite-scroll (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5723a78269b09096a17fe980684f1db2efd8c680ecb273f0b72277a1d005e3df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7000 Malicious code in vue3-infinite-scroll (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5723a78269b09096a17fe980684f1db2efd8c680ecb273f0b72277a1d005e3df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Catch Infinite Scroll plugin <= 1.8.1 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Infinite Scroll plugin versions = 1.8.1. Solution Update the WordPress Catch Infinite Scroll plugin to the latest available version at least 1.9...
Drupal GD Infinite Scroll Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.GD Infinite Scroll is one of the automatic paging modules used to automatically load the next page of content when scrolling a web page. A cross-site scripting vulnerability exists in t...
Drupal GD Infinite Scroll Module Cross-Site Request Forgery Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.GD Infinite Scroll is one of the automatic paging modules used to automatically load the next page of content when scrolling a web page. A cross-site request forgery vulnerability exist...
CVE-2015-1568
Cross-site request forgery CSRF vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scroll settings" permission for requests that delete settings via unspecified vectors...
CVE-2015-1567
Cross-site scripting XSS vulnerability in the admin page in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote authenticated users with the "edit gd infinite scroll settings" permission to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the admin page in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote authenticated users with the "edit gd infinite scroll settings" permission to inject arbitrary web script or HTML via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scroll settings" permission for requests that delete settings via unspecified vectors...
CVE-2015-1568
Cross-site request forgery CSRF vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scroll settings" permission for requests that delete settings via unspecified vectors...
CVE-2015-1568
The CVE-2015-1568 entry concerns the Drupal GD Infinite Scroll contributed module, affected versions prior to 7.x-1.4. It describes a Cross-Site Request Forgery (CSRF) vulnerability that allows remote attackers to hijack the authentication of users who have the permission to edit GD Infinite Scro...
CVE-2015-1567
Cross-site scripting XSS vulnerability in the admin page in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote authenticated users with the "edit gd infinite scroll settings" permission to inject arbitrary web script or HTML via unspecified vectors...
SA-CONTRIB-2015-031 - GD Infinite Scroll - Multiple vulnerabilites
GD Infinite Scroll module enables you to use the "infinite scroll jQuery plugin : auto-pager" on custom pages. Some links were not protected against CSRF. A malicious user could cause another user with the "edit gd infinite scroll settings" permission to delete settings by getting his browser to...