The plugin does not validate user input before using it to generate a path, allowing an attacker to fully control it and use any wrapper, such as PHAR, which could lead to deserialisation if they can trick an admin into opening a malicious link and a suitable gadget chain is present.
CPE

Name | Operator | Version |
---|---|---|
ajax-load-more | lt | 5.5.4 |
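
The missing validation, shown as an added PHP example that is not the plugin's code or its actual fix: it rejects stream-wrapper prefixes such as `phar://` and confines the resolved path to a fixed base directory. The function name `resolve_template_path`, the `.php` allow-list pattern and the demo directory are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. The function name, allow-list
// pattern and demo paths below are assumptions made for illustration.

/** Map user input to a file under $baseDir; null means "reject". */
function resolve_template_path(string $baseDir, string $userInput): ?string
{
    // 1. Refuse anything carrying a scheme: phar://, php://, data:, zip://, ...
    if (preg_match('#^\s*[a-z][a-z0-9+.\-]*:#i', $userInput)) {
        return null;
    }
    // 2. Allow-list the shape of the name: plain segments ending in .php,
    //    so "..", backslashes, NUL bytes and colons never get through.
    if (!preg_match('#^[A-Za-z0-9_\-]+(/[A-Za-z0-9_\-]+)*\.php$#', $userInput)) {
        return null;
    }
    // 3. Canonicalise and confirm the result is still inside the base directory.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $userInput);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Constructed demo: one legitimate template and three hostile inputs.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'alm_demo_' . getmypid();
mkdir($base . '/repeaters', 0700, true);
file_put_contents($base . '/repeaters/default.php', '<?php // template');

$inputs = [
    'repeaters/default.php',
    'phar:///tmp/upload.jpg/x.php',
    'php://filter/resource=x.php',
    '../../wp-config.php',
];
foreach ($inputs as $input) {
    $resolved = resolve_template_path($base, $input);
    printf("%-30s => %s\n", $input, $resolved ?? 'REJECTED');
}

// Remove the demo files again.
unlink($base . '/repeaters/default.php');
rmdir($base . '/repeaters');
rmdir($base);
```

The base directory is always prepended server-side, so user input can never occupy the start of the path where a wrapper scheme would be interpreted.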