PT-2025-30415 · WordPress · Ajax Load More
Published
2025-07-22
·
Updated
2026-01-02
·
CVE-2015-10140
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ajax Load More versions prior to 2.8.1.2
Description
The Ajax Load More plugin does not have authorization in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to upload and delete arbitrary files.
Recommendations
Update to Ajax Load More version 2.8.1.2 or later.
Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ajax Load More