Ajax Load More <= 5.5.3 Multiple Vulnerabilities


Authenticated Information Disclosure / Local File Disclosure:

The "ajax-load-more-repeaters" AJAX action is vulnerable to full path disclosure, because the full path of a file on the web server is visible in the request. An arbitrary filename can be supplied through the "alm_repeaters_export" parameter to view that file's contents. PoC for reading the WordPress configuration file:

POST /wp-admin/admin.php?page=ajax-load-more-repeaters

LFD Vulnerable file: admin/admin.php

Authenticated Cross-Site Scripting:



The "index" parameter is not properly sanitized.

Vulnerable file: admin/admin.php

Authenticated Path traversal to arbitrary file read:




Vulnerable file: admin/admin.php
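
As an added example (not code from the plugin or from this advisory), one way to constrain a user-supplied filename such as the one passed in "alm_repeaters_export": allow-list the name, resolve it with `realpath()`, and confirm the result stays inside the intended directory. The function name `resolve_export_path`, the temporary directory, the `default.php` sample file and the `.php` name pattern are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the Ajax Load More plugin.

/**
 * Map a user-supplied file name to a real file inside $baseDir.
 * Returns the resolved path, or null when the name is not acceptable.
 */
function resolve_export_path(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Allow-list: a bare file name only. Separators, "..", NUL bytes and
    // absolute paths all fail this pattern (the .php suffix is an assumption).
    if (preg_match('/\A[A-Za-z0-9_-]+\.php\z/', $requested) !== 1) {
        return null;
    }
    // Resolve symlinks, then confirm the result is still under $base.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo: a temporary directory standing in for the template folder.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'alm_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'default.php', "<li>item</li>\n");

// Constructed inputs: one legitimate name, then traversal and absolute-path forms.
$inputs = ['default.php', '../../wp-config.php', '/etc/passwd', '..\\..\\wp-config.php', "default.php\0.txt"];
foreach ($inputs as $name) {
    $path = resolve_export_path($dir, $name);
    printf("%-24s => %s\n", addcslashes($name, "\0"), $path === null ? 'rejected' : 'allowed');
}

// Remove the demo files.
unlink($dir . DIRECTORY_SEPARATOR . 'default.php');
rmdir($dir);
```

Only the first input resolves to a file; the others are rejected before any file is opened.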
