CVE-2022-2945

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
06/09/2022
Last modified:
11/01/2024

Description

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:connekthq:ajax_load_more:*:*:*:*:*:wordpress:*:* 5.5.3 (including)