CVE-2015-10140 in Ajax Load More Plugininformação

Sumário

de MITRE • 22/07/2025

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

WPScan

Reservar

22/07/2025

Divulgação

22/07/2025

Moderação

aceite

Entrada

VDB-317236

CPE

pronto

CWE

CWE-862 (confirmado)

CVSS

5.4 (VulDB)

EPSS

0.73866

KEV

não

Atividades

muito baixo

Sector

Hostingprovider

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-10140
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-10140
CVE Details	https://www.cvedetails.com/cve/CVE-2015-10140/

◂ Voltar Visão Geral Próximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!