Connekthq Ajax Load More — known CVE vulnerabilities
Every CVE whose affected-product data names Connekthq Ajax Load More, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2015-10140 — CVSS 8.8 (high): The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as…
CVE-2022-2433 — CVSS 7.5 (high): The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the…
CVE-2021-24140 — CVSS 7.2 (high): Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php…
CVE-2025-47630 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney Ajax Load More…
CVE-2023-50874 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite…
CVE-2024-4711 — CVSS 6.4 (medium): The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more…
CVE-2024-8505 — CVSS 6.4 (medium): The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
CVE-2022-4466 — CVSS 5.4 (medium): The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not validate and escape some of its shortcode attributes before…
CVE-2022-2943 — CVSS 4.9 (medium): The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and…
CVE-2022-2945 — CVSS 4.9 (medium): The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and…