cleantalk
Vulnerabilities and Security Researches

WordPress Infinite Scroll – Ajax Load More, CVE-2024-8505

CVE, Research URL

CVE-2024-8505

Home page URL

Security reports for WordPress Infinite Scroll – Ajax Load More

Application

WordPress Infinite Scroll – Ajax Load More

Published on
Oct 02, 2024
Research Description
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 7.1.3.
Status
vulnerable
Previous vulnerability researches
Load More Anything (CVE-2024-32110) , Jun 07, 2024
Load More Anything (6b946ad178fdf132c2a039c6c7e104487b2ab9cb) , Jun 07, 2024
Load More Anything (CVE-2024-24704) , Jun 10, 2024
WordPress Infinite Scroll – Ajax Load More (CVE-2024-8505) , Oct 02, 2024
WordPress Infinite Scroll – Ajax Load More (CVE-2022-2433) , Jun 06, 2024
New vulnerability
WP SEO Structured Data Schema (CVE-2025-4127) , May 09, 2025
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More (CVE-2025-47501) , May 09, 2025
CBX Map for Google Map & OpenStreetMap (CVE-2025-47669) , May 09, 2025
Bold Page Builder (CVE-2025-47488) , May 09, 2025
Bold Page Builder (CVE-2025-47525) , May 09, 2025