cleantalk
Vulnerabilities and Security Researches

WordPress Infinite Scroll – Ajax Load More, CVE-2022-2945

CVE, Research URL

CVE-2022-2945

Home page URL

Security reports for WordPress Infinite Scroll – Ajax Load More

Application

WordPress Infinite Scroll – Ajax Load More

Published on
Sep 06, 2022
Research Description
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions
Min -, max 2.8.1.2.
Status
vulnerable
Previous vulnerability researches
Load More Anything (CVE-2024-32110) , Jun 07, 2024
Load More Anything (6b946ad178fdf132c2a039c6c7e104487b2ab9cb) , Jun 07, 2024
Load More Anything (CVE-2024-24704) , Jun 10, 2024
WordPress Infinite Scroll – Ajax Load More (CVE-2024-8505) , Oct 02, 2024
WordPress Infinite Scroll – Ajax Load More (CVE-2022-2433) , Jun 06, 2024
New vulnerability
WP SEO Structured Data Schema (CVE-2025-4127) , May 09, 2025
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More (CVE-2025-47501) , May 09, 2025
CBX Map for Google Map & OpenStreetMap (CVE-2025-47669) , May 09, 2025
Bold Page Builder (CVE-2025-47488) , May 09, 2025
Bold Page Builder (CVE-2025-47525) , May 09, 2025