Ajax Load More

Source repositories

https://github.com/Xib3rR4dAr/f9a4b4838154854ec6cde7d5deb76bf9

CVEs (5)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-47630	Med	0.42	6.5	0.00	May 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Stored XSS.This issue affects Ajax Load More: from n/a through <= 7.3.1.2.
CVE-2024-4711	Med	0.42	6.4	0.00	Jun 1, 2024	The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-50874	Med	0.42	6.5	0.00	Dec 28, 2023	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS.This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through 6.1.0.1.
CVE-2022-2945	Med	0.32	4.9	0.01	Sep 6, 2022	The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVE-2022-2943	Med	0.32	4.9	0.01	Sep 6, 2022	The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file.

CVE-2025-47630MedMay 7, 2025
risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Stored XSS.This issue affects Ajax Load More: from n/a through <= 7.3.1.2.
CVE-2024-4711MedJun 1, 2024
risk 0.42cvss 6.4epss 0.00
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-50874MedDec 28, 2023
risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS.This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through 6.1.0.1.
CVE-2022-2945MedSep 6, 2022
risk 0.32cvss 4.9epss 0.01
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVE-2022-2943MedSep 6, 2022
risk 0.32cvss 4.9epss 0.01
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file.