PT-2022-19603 · WordPress · Wordpress Infinite Scroll – Ajax Load More

Muhammad Zeeshan · Published 2022-09-06 · Updated 2023-11-02 · CVE-2022-2943

CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: WordPress Infinite Scroll – Ajax Load More plugin, versions up to and including 5.5.3

Description: The issue allows authenticated attackers with administrative privileges to download arbitrary files hosted on the server, due to insufficient file path validation in the alm repeaters export() function. This could lead to access to sensitive content, such as the wp-config.php file.

Recommendations: For WordPress Infinite Scroll – Ajax Load More plugin versions up to and including 5.5.3, update to a version later than 5.5.3 to resolve the issue. As a temporary workaround, consider disabling the alm repeaters export() function until a patch is available. Restrict access to sensitive files on the server to minimize the risk of exploitation.

Weakness Enumeration: Path traversal

Related Identifiers: CVE-2022-2943

Affected Products: WordPress Infinite Scroll – Ajax Load More