WordPress Plugin Vulnerabilities

Ajax Load More < 5.5.4 - Admin+ Arbitrary File Read

Description

The plugin does not validate a path which could allow high privilege users such as admin to read arbitrary files from the server

Affects Plugins

Plugin icon
ajax-load-more
Fixed in 5.5.4

References

CVE
CVE-2022-2943
CVE
CVE-2022-2945

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
4.9 (medium)

Miscellaneous

Original Researcher
Rasoul Jahanshahi
Verified
No
WPVDB ID
f45b251d-1045-463b-9f74-9a010e8775b6

Timeline

Publicly Published
2022-08-22 (about 3 years ago)
Added
2022-08-22 (about 3 years ago)
Last Updated
2023-05-13 (about 3 years ago)

Other

Published
Title
Published
2025-09-03
Title
atec Debug < 1.2.23 - Admin+ Arbitrary File Deletion
Published
2019-05-23
Title
Simple File List Plugin <= 3.2.4 - Authenticated Arbitrary File Delete
Published
2025-01-06
Title
Social Share Buttons for WordPress <= 2.7 - Unauthenticated Image Upload & Path Traversal
Published
2019-03-14
Title
SG Optimizer <= 5.0.12 - Unauthenticated File Upload
Published
2018-10-27
Title
ARForms < 3.5.2 - Unauthenticated Arbitrary File Deletion