Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10, Critical: 0, High: 2, Medium: 8
Showing 1-10 of 10 records
Threat Entry Updated 2026-02-03

CVE-2025-15525 - Ajax Load More Plugin

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args() function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose the titles and excerpts of private, draft, pending, scheduled, and trashed posts.

PLUGIN Ajax Load More

CVE-2025-15525

MEDIUM CVSS 5.3 2026-01-31
Threat Entry Updated 2025-06-17

CVE-2025-4775 - Ajax Load More Plugin

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ajax Load More

CVE-2025-4775

MEDIUM CVSS 6.4 2025-06-17
Threat Entry Updated 2024-10-07

CVE-2024-8505 - Ajax Load More Plugin

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ajax Load More

CVE-2024-8505

MEDIUM CVSS 6.4 2024-10-02
Threat Entry Updated 2024-11-21

CVE-2024-4711 - Ajax Load More Plugin

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ajax Load More

CVE-2024-4711

MEDIUM CVSS 6.4 2024-06-01
Threat Entry Updated 2024-11-21

CVE-2024-1790 - Ajax Load More Plugin

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. This is limited to Windows instances.

PLUGIN Ajax Load More

CVE-2024-1790

MEDIUM CVSS 4.9 2024-04-09
Threat Entry Updated 2024-11-21

CVE-2023-50874 - Ajax Load More Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS. This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through 6.1.0.1.

PLUGIN Ajax Load More

CVE-2023-50874

MEDIUM CVSS 6.5 2023-12-28
Threat Entry Updated 2024-11-21

CVE-2022-2945 - Ajax Load More Plugin

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information.

PLUGIN Ajax Load More

CVE-2022-2945

MEDIUM CVSS 4.9 2022-09-06
Threat Entry Updated 2025-05-05

CVE-2022-2943 - Ajax Load More Plugin

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file.

PLUGIN Ajax Load More

CVE-2022-2943

MEDIUM CVSS 4.9 2022-09-06
Threat Entry Updated 2025-08-21

CVE-2022-2433 - Ajax Load More Plugin

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including, 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that…

PLUGIN Ajax Load More

CVE-2022-2433

HIGH CVSS 7.5 2022-09-06
Threat Entry Updated 2024-11-21

CVE-2021-24140 - Ajax Load More Plugin

Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, leads to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.

PLUGIN Ajax Load More

CVE-2021-24140

HIGH CVSS 7.2 2021-03-18