CVE-2015-10140

Summary

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.

Affected Software

VendorProductVersion RangeStatus
UnknownAjax Load More0 < 2.8.1.2affected

Weaknesses

  • CWE-862 Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References