cleantalk
Vulnerabilities and Security Researches

WordPress Infinite Scroll – Ajax Load More, CVE-2025-15525

CVE, Research URL

CVE-2025-15525

Home page URL

Security reports for WordPress Infinite Scroll – Ajax Load More

Application

WordPress Infinite Scroll – Ajax Load More

Published on
Jan 31, 2026
Research Description
The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args() function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose the titles and excerpts of private, draft, pending, scheduled, and trashed posts.
Affected versions
max 7.8.2.
Status
vulnerable
Previous vulnerability researches
WordPress Ajax Load More and Infinite Scroll (CVE-2025-5586) , Jun 15, 2025
Load More Anything (CVE-2024-32110) , Jun 07, 2024
Load More Anything (6b946ad178fdf132c2a039c6c7e104487b2ab9cb) , Jun 07, 2024
Load More Anything (CVE-2024-24704) , Jun 10, 2024
WordPress Infinite Scroll – Ajax Load More (CVE-2025-15525) , Feb 27, 2026
New vulnerability
YITH WooCommerce Quick View (CVE-2025-8617) , Apr 24, 2026
Publitio (CVE-2025-58962) , Apr 24, 2026
Social Rocket – Social Sharing Plugin (CVE-2026-1923) , Apr 24, 2026
Salon booking system (CVE-2025-8492) , Apr 24, 2026
Events Addon for Elementor (CVE-2025-8150) , Apr 24, 2026