The Ajax Load More WordPress plugin was vulnerable to SQL injection in POST /wp-admin/admin-ajax.php through the repeater parameter, for example repeater=' or sleep(5)#&type=test. The attacker needs to be authenticated with the edit_theme_options capability, which only administrators have by default.
https://drive.google.com/open?id=14YFYBUdMhYu1vvZrCd9QAhyZQv5rAwdm https://asciinema.org/a/LRCzXVCkKrVlIkuLXNIKUQdhI
CPE

Name | Operator | Version |
---|---|---|
ajax-load-more | lt | 5.3.2 |
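
A detection sketch for the request described above, added here as an example and not taken from the plugin or the original advisory: it classifies logged POST bodies sent to /wp-admin/admin-ajax.php by the content of their repeater parameter. The record layout, the `example_action` and `default` values, and the rule that legitimate repeater values are plain identifiers are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qs

ENDPOINT = "/wp-admin/admin-ajax.php"
# Assumption: a legitimate repeater value is a short plain identifier.
SAFE_REPEATER = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Time-delay functions typical of blind SQL injection probes.
TIME_BASED = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)

def classify(method, path, body):
    """Return 'ignore', 'ok', 'suspicious' or 'sqli-time-based' for one request."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return "ignore"
    # parse_qs percent-decodes values, so encoded payloads are inspected too.
    params = parse_qs(body, keep_blank_values=True)
    if "repeater" not in params:
        return "ignore"
    verdict = "ok"
    for value in params["repeater"]:
        if TIME_BASED.search(value):
            return "sqli-time-based"
        if not SAFE_REPEATER.fullmatch(value):
            verdict = "suspicious"
    return verdict

def scan(records):
    """Return (index, verdict) for every record that is not 'ignore' or 'ok'."""
    hits = []
    for i, (method, path, body) in enumerate(records):
        verdict = classify(method, path, body)
        if verdict not in ("ignore", "ok"):
            hits.append((i, verdict))
    return hits

# Constructed sample records: (method, path, raw POST body).
SAMPLES = [
    ("POST", ENDPOINT, "action=example_action&repeater=default&type=test"),
    ("POST", ENDPOINT, "repeater=%27+or+sleep%285%29%23&type=test"),
    ("POST", ENDPOINT, "repeater=template_1%27&type=test"),
    ("GET", "/index.php", ""),
]

if __name__ == "__main__":
    for index, verdict in scan(SAMPLES):
        print(index, verdict, SAMPLES[index][2])
```

Because the vulnerable request requires an administrator session, a hit from this check is also a reason to review which accounts hold edit_theme_options, in addition to confirming the plugin is at 5.3.2 or later.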