Ajax Load More – Infinite Scroll, Lazy Load & Load...

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args() function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose the titles and excerpts of private, draft, pending, scheduled, and trashed posts.

Basic Information

ID CVE-2025-15525

Source Wordfence

Published Jan 31, 2026 at 04:35

Affected Product

Vendor dcooney

Product Ajax Load More – Infinite Scroll, Load More, & Lazy Load

Version *

Affected Versions dcooney Ajax Load More – Infinite Scroll, Load More, & Lazy Load *

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "The Ajax Load More \u2013 Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args() function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose the titles and excerpts of private, draft, pending, scheduled, and trashed posts.",
    "published": "2026-01-31T04:35:15.222Z",
    "modified": "2026-01-31T04:35:15.222Z",
    "type": "cve",
    "title": "Ajax Load More \u2013 Infinite Scroll, Lazy Load & Load More <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d01f4e67-a463-4973-97b1-41a64398686a?source=cve\nhttps://plugins.trac.wordpress.org/browser/ajax-load-more/tags/7.8.1/core/classes/class-alm-queryargs.php#L500",
    "id": "CVE-2025-15525",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "dcooney Ajax Load More \u2013 Infinite Scroll, Load More, & Lazy Load *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Ajax Load More \u2013 Infinite Scroll, Load More, & Lazy Load",
    "version": "*",
    "vendor": "dcooney",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Ajax Load More – Infinite Scroll, Lazy Load & Load More <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure_CVE-2025-15525