cleantalk
Vulnerabilities and Security Researches

WordPress Infinite Scroll – Ajax Load More, CVE-2015-10140

CVE, Research URL

CVE-2015-10140

Home page URL

Security reports for WordPress Infinite Scroll – Ajax Load More

Application

WordPress Infinite Scroll – Ajax Load More

Published on
Jul 22, 2025
Research Description
The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.
Affected versions
Min -, max 2.8.1.2.
Status
vulnerable
Previous vulnerability researches
WC Fields Factory (CVE-2023-0277) , Jun 07, 2024
WC Fields Factory (6cc027737736ffa5a4ad7d18f7aacab3368b4dae) , Jun 07, 2024
New vulnerability
WP Applink (CVE-2025-6385) , Jul 25, 2025
Structured Content (JSON-LD) #wpsc (CVE-2025-4608) , Jul 25, 2025
Taeggie Feed (CVE-2025-6382) , Jul 25, 2025
Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination (CVE-2025-5084) , Jul 25, 2025
AI Engine (CVE-2025-7780) , Jul 25, 2025