Stored Cross-Site Scripting Vulnerability in Ajax Load More - Filters for WordPress
CVE-2026-8141

7.2HIGH

Key Information:

Vendor: WordPress
Status: Ajax Load More - Filters
Vendor: CVE Published:; 30 June 2026

What is CVE-2026-8141?

The Ajax Load More - Filters plugin for WordPress presents a vulnerability that allows for Stored Cross-Site Scripting via the 'taxonomy_include_children' parameter. Due to inadequate input sanitization and output escaping, this vulnerability affects all versions up to and including 3.4.1. Unauthenticated attackers can exploit this flaw to inject arbitrary web scripts into pages, leading to potential execution when users access affected content.

Affected Version(s)

Ajax Load More - Filters 0 <= 3.4.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://ajaxloadmore.com/add-ons/filters/

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
May 7, 2026

Credit

jonathan dunn

CVE-2026-8141 Data

JSON