CVE-2022-2945

MEDIUM

Ajax Load More < 5.5.3 - Authenticated Path Traversal via 'type' Parameter

Title source: llm

Description

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information.

Scores

CVSS v3: 4.9
EPSS: 0.0142
EPSS Percentile: 69.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-22
Status: published
Products (2):
connekthq/ajax_load_more < 5.5.3
dcooney/Ajax Load More – Infinite Scroll, Load More, & Lazy Load < 5.5.3
Published: Sep 06, 2022
Tracked Since: Feb 18, 2026