logo
DATABASE RESOURCES PRICING ABOUT US

Ajax Load More < 5.3.2 - Authenticated SQL Injection

Description

The Ajax Load More WordPress plugin was vulnerable to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type;=test. The attacker needs to be authenticated with the edit_theme_options capability, which only administrators have by default.


Related