cleantalk
Vulnerabilities and Security Researches

WordPress Infinite Scroll – Ajax Load More, CVE-2026-6495

CVE, Research URL

CVE-2026-6495

Home page URL

Security reports for WordPress Infinite Scroll – Ajax Load More

Application

WordPress Infinite Scroll – Ajax Load More

Published on
May 18, 2026
Research Description
The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions
max 7.8.4.
Status
vulnerable
Previous vulnerability researches
Bounce Handler MailPoet 3 (CVE-2024-9938) , Nov 17, 2024
New vulnerability
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2026-8912) , May 20, 2026
Cookie Law Bar (CVE-2021-47957) , May 20, 2026
WordPress Infinite Scroll – Ajax Load More (CVE-2026-6495) , May 20, 2026
AI Engine (CVE-2025-8084) , May 20, 2026
AI Engine (CVE-2026-8719) , May 20, 2026