Advanced Ajax Page Loader Security Vulnerabilities and Issues — Advanced Ajax Page Loader CVE List

Lucene search

Advanced Ajax Page Loader ProjectAdvanced Ajax Page Loader

2 matches found

CVE•added 2024/07/09 8:15 a.m.•45 views

CVE-2024-6310

The Advanced AJAX Page Loader plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.7.7. This is due to missing nonce validation in the 'admin_init_AAPL' function and missing file type validation in the 'AAPL_options_validate' ...

8.8CVSS8.9AI score0.02967EPSS

CVE•added 2019/08/22 8:15 p.m.•35 views

CVE-2016-10929

The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.

5.3CVSS5.4AI score0.00249EPSS