cleantalk
Vulnerabilities and Security Researches

WordPress Infinite Scroll – Ajax Load More, CVE-2022-2943

CVE, Research URL

CVE-2022-2943

Home page URL

Security reports for WordPress Infinite Scroll – Ajax Load More

Application

WordPress Infinite Scroll – Ajax Load More

Published on
Sep 06, 2022
Research Description
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file.
Affected versions
Min -, max 5.5.4.
Status
vulnerable
Previous vulnerability researches
Load More Anything (CVE-2024-32110) , Jun 07, 2024
Load More Anything (6b946ad178fdf132c2a039c6c7e104487b2ab9cb) , Jun 07, 2024
Load More Anything (CVE-2024-24704) , Jun 10, 2024
WordPress Infinite Scroll – Ajax Load More (CVE-2024-8505) , Oct 02, 2024
WordPress Infinite Scroll – Ajax Load More (CVE-2022-2433) , Jun 06, 2024
New vulnerability
WP SEO Structured Data Schema (CVE-2025-4127) , May 09, 2025
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More (CVE-2025-47501) , May 09, 2025
CBX Map for Google Map & OpenStreetMap (CVE-2025-47669) , May 09, 2025
Bold Page Builder (CVE-2025-47488) , May 09, 2025
Bold Page Builder (CVE-2025-47525) , May 09, 2025