Ajax Load More <= 2.11.1 - Local File Inclusion (LFI)

Description

NOTE: The victim should have the paid add-on Custom Repeater or Unlimited installed.

Affects Plugin

WordPress Infinite Scroll – Ajax Load More

fixed in version 2.11.2

References

URL	https://seclists.org/fulldisclosure/2016/Aug/72
URL	https://sumofpwn.nl/advisory/2016/ajax_load_more_local_file_inclusion_vulnerability.html

Classification

Type	LFI
OWASP Top 10	A1: Injection
CWE	CWE-22

Miscellaneous

Submitter	ethicalhack3r
Submitter Website	https://dewhurstsecurity.com/
Submitter Twitter	ethicalhack3r
Views	6875
Verified	No
WPVDB ID	8603

Timeline

Publicly Published	2016-08-15 (almost 4 years ago)
Added	2016-08-16 (almost 4 years ago)
Last Updated	2019-11-01 (8 months ago)

Our Other Services

Online WordPress Vulnerability Scanner

WPScan WordPress Security Plugin