Ajax Pagination 1.1 – wp-admin/admin-ajax.php loop Parameter Local File Inclusion | CVE 2014-2674

Affects Plugins

ajax-pagination

No known fix

References

CVE

CVE-2014-2674

Exploitdb

32622

URL

https://packetstormsecurity.com/files/#125929/

URL

https://seclists.org/fulldisclosure/2014/Mar/398

Classification

Type

LFI

OWASP top 10

A1: Injection

CWE

CWE-22

CVSS

7.5 (high)

Miscellaneous

Verified

No

WPVDB ID

983f6e59-85dc-4893-a872-863e43555175

Timeline

Publicly Published

2014-08-01 (about 11 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2024-12-30

Title

WPMasterToolKit < 1.14.0 - Authenticated (Admin+) Arbitrary File Download

Published

2025-10-24

Title

Creta Testimonial Showcase < 1.2.4 - Editor+ Local File Inclusion

Published

2025-07-25

Title

Kallyas < 4.22.0 - Authenticated (Contributor+) Arbitrary Folder Deletion

Published

2025-04-07

Title

Nomupay Payment Processing Gateway < 7.1.6 - Authenticated (Subscriber+) Arbitrary File Download

Published

2026-03-09

Title

The Events Calendar < 6.15.17.1 - Author+ Arbitrary File Read