wpvulndb
WPVDB-ID:D33B4230-81F2-436F-A1E5-2C9984CDED19
Aug 22, 2022 - 12:00 a.m.

Ajax Load More < 5.5.4 - PHAR Deserialization via CSRF

2022-08-22 00:00:00
wpscan.com
10

EPSS: 0.003 Low (percentile 70.8%)

The plugin does not validate user input before using it to generate a path, allowing an attacker to fully control it and use any wrapper, such as PHAR, which could lead to deserialisation if they can trick an admin into opening a malicious link and a suitable gadget chain is present.

CPE
Name: ajax-load-more
Operator: lt
Version: 5.5.4
