WordPress Infinite Scroll - Ajax Load More
Moderate fix1 remedy
cpe:2.3:a:connekthq:ajax_load_more:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 7.4.0.1
WordPress Infinite Scroll – Ajax Load More Stored Cross-Site Scripting Vulnerability
Vulnerability
Patched
A stored cross-site scripting vulnerability has been identified in the WordPress Infinite Scroll – Ajax Load More plugin, affecting all versions through 7.4.0.1. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Contributor-level access or higher to inject arbitrary scripts via the data-button-label HTML attribute. These scripts are executed when a user accesses the affected page.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.
Reproduction
To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can inject scripts through the data-button-label attribute. Once injected, the scripts will execute when the page is accessed.
Remediation
Users are advised to update the WordPress Infinite Scroll – Ajax Load More plugin to version 7.4.1 or later.
Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
1.7exploitability
6.2remediation
7.7relevance
0.2threat
4.8urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.