cleantalk
Vulnerabilities and Security Researches

WordPress Infinite Scroll – Ajax Load More, CVE-2025-4775

CVE, Research URL

CVE-2025-4775

Home page URL

Security reports for WordPress Infinite Scroll – Ajax Load More

Application

WordPress Infinite Scroll – Ajax Load More

Published on
Jun 17, 2025
Research Description
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 7.4.1.
Status
vulnerable
Previous vulnerability researches
Astra Widgets (CVE-2024-56274) , Jan 07, 2025
Astra Widgets , Jul 24, 2024
Astra Widgets (CVE-2024-50439) , Oct 27, 2024
New vulnerability
YITH PayPal Express Checkout for WooCommerce (CVE-2025-48111) , Jun 18, 2025
WordPress Infinite Scroll – Ajax Load More (CVE-2025-4775) , Jun 18, 2025
PostaPanduri (CVE-2025-49452) , Jun 18, 2025
Ivory Search – WordPress Search Plugin (CVE-2025-5209) , Jun 18, 2025
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2025-3515) , Jun 18, 2025