CVE-2022-2945
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout function. This makes it possible for authenticated attackers, with administrative permissions, to rea...
CVE-2022-2943
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export function. This makes it possible for authenticated attackers, with administrative...
CVE-2022-2433
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...
Directory traversal
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout function. This makes it possible for authenticated attackers, with administrative permissions, to rea...
Input validation
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export function. This makes it possible for authenticated attackers, with administrative...
Deserialization of untrusted data
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...
CVE-2022-2943 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export function. This makes it possible for authenticated attackers, with administrative...
CVE-2022-2945
CVE-2022-2945 affects WordPress Ajax Load More (Infinite Scroll) plugin up to version 5.5.3. The vulnerability is a directory-traversal flaw exploitable via the type parameter in the alm_get_layout() function, allowing an authenticated administrator to read arbitrary server files containing sensi...
CVE-2022-2433
The CVE in question affects the WordPress plugin WordPress Infinite Scroll – Ajax Load More (up to and including version 5.5.3). The root cause is deserialization of untrusted input via the alm_repeaters_export parameter, which can be exploited by unauthenticated users after the site admin perfor...
CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...
WordPress plugin WordPress Infinite Scroll – Ajax Load More code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WordPress Infinite...
PT-2022-19603 · WordPress · WordPress Infinite Scroll – Ajax Load More
Name of the Vulnerable Software and Affected Versions: WordPress Infinite Scroll – Ajax Load More plugin versions up to, and including, 5.5.3. Description: The issue allows authenticated attackers with administrative privileges to download arbitrary files hosted on the server due to insufficient...
PT-2022-16612 · WordPress · WordPress Infinite Scroll – Ajax Load More
Name of the Vulnerable Software and Affected Versions: WordPress Infinite Scroll – Ajax Load More plugin versions up to, and including 5.5.3. Description: The issue allows deserialization of untrusted input via the alm_repeaters_export parameter. This enables unauthenticated users to potentially...
PT-2022-19624 · WordPress · WordPress Infinite Scroll – Ajax Load More
Name of the Vulnerable Software and Affected Versions: WordPress Infinite Scroll – Ajax Load More plugin versions up to, and including, 5.5.3. Description: The issue allows authenticated attackers with administrative permissions to read the contents of arbitrary files on the server, potentially...
WordPress Scroll To Top plugin <= 1.4.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Scroll To Top plugin versions <= 1.4.0. Solution: Update the WordPress Scroll To Top plugin to the latest available version (at least 1.4.1)...
Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). Put the following payload in the "Text" settings of the plugin...
Malicious Package
Overview: ngx-infinite-scroll-fixed is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
MAL-2022-7000 Malicious code in vue3-infinite-scroll (npm)
Source: ghsa-malware 5723a78269b09096a17fe980684f1db2efd8c680ecb273f0b72277a1d005e3df. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vue3-infinite-scroll (npm)
Source: ghsa-malware 5723a78269b09096a17fe980684f1db2efd8c680ecb273f0b72277a1d005e3df. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...