WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read
CVE-2022-2943

4.9MEDIUM

Key Information:

Vendor: Wordpress
Status: WordPress Infinite Scroll – Ajax Load More
Vendor: CVE Published:; 6 September 2022

Summary

The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file.

Affected Version(s)

WordPress Infinite Scroll – Ajax Load More * <= 5.5.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.svn.wordpress.org/ajax-load-more/tags/5.5...

https://gist.github.com/Xib3rR4dAr/f9a4b4838154854ec6cde7...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2022
Vulnerability Reserved
Aug 22, 2022

Credit

Muhammad Zeeshan