PT-2026-5501 · WordPress · Ajax Load More
Angus Girvan · Published 2026-01-31 · Updated 2026-01-31 · CVE-2025-15525
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress versions through 7.8.1
Description
The Ajax Load More plugin for WordPress does not properly control access to data. Specifically, the parse_custom_args() function lacks correct authorization checks. This allows unauthenticated attackers to view the titles and excerpts of posts that are private, drafts, pending publication, scheduled, or in the trash.
Recommendations
Update to a version newer than 7.8.1.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Ajax Load More