Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WordPress Infinite Scroll – Ajax Load More 2.11.2

  • Severity: critical
  • Status: Fixed
  • Publication: August 15, 2016

The Ajax Load More plugin for WordPress had a security issue in versions before 2.11.2. This issue would allow someone to gain access to parts of the website they should not be able to, such as sensitive data, or to execute code. This could be done by taking advantage of the “repeater” parameter. This would let the attacker include and execute files that weren’t supposed to be there, and could be used even if the website only allowed “safe” files, such as images, to be uploaded.

Detected in:

Ajax Load More – Infinite Scroll fixed vulnerable versions:
Ajax Load More – Infinite Scroll, Lazy Load & Load More fixed vulnerable versions:
Ajax Load More – Infinite Scroll, Load More, & Lazy Load fixed vulnerable versions:
WordPress Infinite Scroll – Ajax Load More fixed vulnerable versions: >= * < 2.11.2

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.