CVE-2024-1790

Name of the Vulnerable Software and Affected Versions WordPress Infinite Scroll – Ajax Load More plugin for WordPress versions up to, and including, 7.0.1

Description The issue allows authenticated attackers with administrator-level access and above to read the contents of arbitrary files on the server, potentially containing sensitive information, via the type parameter. This is limited to Windows instances.

Recommendations For WordPress Infinite Scroll – Ajax Load More plugin for WordPress versions up to, and including, 7.0.1, update to a version later than 7.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the type parameter to minimize the risk of exploitation.