cleantalk
Vulnerabilities and Security Researches

WordPress Infinite Scroll – Ajax Load More, CVE-2015-10140

CVE, Research URL

CVE-2015-10140

Home page URL

Security reports for WordPress Infinite Scroll – Ajax Load More

Application

WordPress Infinite Scroll – Ajax Load More

Published on
Jul 22, 2025
Research Description
The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.
Affected versions
Min -, max 2.8.1.2.
Status
vulnerable
Previous vulnerability researches
Knowledge Base (CVE-2024-51677) , Nov 05, 2024
Knowledge Base (CVE-2025-5533) , Jun 14, 2025
Knowledge Base (CVE-2025-7431) , Jul 18, 2025
Knowledge Base (fc987e789c05f0830b9db07f27df5334dc16c666) , Jun 07, 2024
New vulnerability
Orion Login with SMS (CVE-2025-7692) , Jul 23, 2025
WordPress Infinite Scroll – Ajax Load More (CVE-2015-10140) , Jul 23, 2025
Social Streams (CVE-2025-7722) , Jul 23, 2025
Ebook Store (CVE-2025-7486) , Jul 23, 2025
Formality (CVE-2025-48157) , Jul 23, 2025