CVE-2022-2943

The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file.
Configurations

Configuration 1

cpe:2.3:a:connekthq:ajax_load_more:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-09-06 06:15

Updated : 2022-09-13 04:16


NVD link : CVE-2022-2943

Mitre link : CVE-2022-2943

Products Affected
No products.
CWE