CVE-2024-8505

Published October 2nd, 2024

View on NVD ↗

CVSS v3

6.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Ajax Load More – Infinite Scroll, Load More, & Lazy Load

Ajax Load More is the most powerful infinite scroll, lazy load, and load more plugin for WordPress. Use it to automatically load posts, pages, custom post types, comments, and WooCommerce products without refreshing the page. Build custom WordPress queries visually with the Ajax Load More Query/Shortcode Builder, then embed them anywhere using blocks, shortcodes, or template tags. Ajax Load More is developer-friendly, performance-optimized, and compatible with popular plugins like WooCommerce, Advanced Custom Fields, and Elementor. → <a href="https://ajaxloadmore.com" rel="nofollow ugc">Get More Information</a> <h3>Features</h3> <ul> <li>Query/Shortcode Builder – Create a custom Ajax Load More query in seconds by adjusting various WordPress query parameters included with the inuitive shortcode builder.</li> <li>Query Parameters – Query WordPress by many different content types. Query by Post Type, Category, Tags, Custom Taxonomies, Search Term, Date Query, Authors and more!</li> <li>Ajax Filtering – The Ajax Load More <a href="https://ajaxloadmore.com/examples/filtering/" rel="nofollow ugc">custom filtering</a> method will allow you to filter and update your Ajax query results.</li> <li>Templates – Edit and extend the functionality of Ajax Load More by creating your own template to match the look and feel of your website.</li> <li>Multiple Instances – Include multiple instances of Ajax Load More on a single page, post or template.</li> <li>Multisite Compatibility – Manage Repeater Templates across all sites in your network.</li> <li>Setting Panel – Customize Ajax Load More by configuring the various plugin settings.</li> </ul> Check out the <a href="https://ajaxloadmore.com/" rel="nofollow ugc">website</a> for more information on the features and functionality of Ajax Load More. <h3>Why Ajax Load More is the Best Infinite Scroll Plugin for WordPress</h3> Ajax Load More differs from the other WordPress infinite scroll plugins because with ALM, you create the query for displaying the data. This gives you full control over the content you are loading and displaying to your users. <h3>What’s New</h3> <ul> <li><a href="https://ajaxloadmore.com/examples/prefetch/" rel="nofollow ugc">Data Prefetching</a> – Load the next set of posts into memory before the user interacts with the Load More button or infinite scroll. This improves the precieved performance of Ajax Load More by reducing wait times for users.</li> <li><a href="https://ajaxloadmore.com/add-ons/filters/" rel="nofollow ugc">Filters Add-on</a> – The Filters add-on provides front-end and admin functionality for building and managing Ajax based filters and facets.</li> <li><a href="https://ajaxloadmore.com/add-ons/query-loop/" rel="nofollow ugc">Query Loop</a> – Enable infinite scroll or load more functionality for the WordPress Query Loop block.</li> <li><a href="https://ajaxloadmore.com/pro/" rel="nofollow ugc">Pro Bundle</a> – Access to all premium Ajax Load More add-ons in a single installation.</li> <li><a href="https://ajaxloadmore.com/add-ons/next-page/" rel="nofollow ugc">Next Page Add-on</a> – Infinite scroll multi-page WordPress content with Ajax Load More.</li> <li><a href="https://ajaxloadmore.com/examples/advanced-custom-fields/" rel="nofollow ugc">Advanced Custom Fields</a> – Compatibility and integration added for infinite scrolling Flexible Content, Gallery, Relationship and Repeater fields for Advanced Custom Fields.</li> <li><a href="https://ajaxloadmore.com/examples/progress-bar/" rel="nofollow ugc">Progress Bars</a> – Display a Progress Bar load indicator with each Ajax request.</li> <li><a href="https://ajaxloadmore.com/examples/scroll-container/" rel="nofollow ugc">Scroll Container</a> – Constraining infinite scroll to a parent container.</li> </ul> <h3>Content Types</h3> Ajax Load More can infinite scroll almost any content type WordPress offers – from blog posts to multipage content to WooCommerce products – Ajax Load More can handle it all. Check out the examples below: <ul> <li><a href="https://ajaxloadmore.com/examples/default/" rel="nofollow ugc">Standard Posts</a></li> <li><a href="https://ajaxloadmore.com/examples/masonry/" rel="nofollow ugc">Custom Post Types</a></li> <li><a href="https://ajaxloadmore.com/examples/search-results/" rel="nofollow ugc">Pages</a></li> <li><a href="https://ajaxloadmore.com/add-ons/next-page/next-page-default/" rel="nofollow ugc">Multipage Posts & Pages</a></li> <li><a href="https://ajaxloadmore.com/ajax-load-more-posts/alm-post-example/" rel="nofollow ugc">Single Posts</a></li> <li><a href="http://examples.connekthq.com/alm-comments/example-post/" rel="nofollow ugc">Comments</a></li> <li><a href="https://ajaxloadmore.com/examples/advanced-custom-fields/" rel="nofollow ugc">Advanced Custom Fields</a></li> </ul> <h3>Parameters</h3> Ajax Load More accepts a variety of WordPress query and display parameters that are passed to WordPress via shortcode or <a href="https://ajaxloadmore.com/docs/implementation-methods" rel="nofollow ugc">PHP function/Template Tag</a>. These parameters allow you to customize the content of the infinite scroll experience by selecting query parameters such as Post Types, Taxonomies, Categories, Tags, Dates, etc… you can also control interactive properties such as button labels, scrolling options and transition styles. → <a href="https://ajaxloadmore.com/docs/shortcode-parameters/" rel="nofollow ugc">View Parameters</a> <h3>Query/Shortcode Builder</h3> The Ajax Load More <a href="https://ajaxloadmore.com/docs/shortcode-builder/" rel="nofollow ugc">Query/Shortcode Builder</a> provides an intuitive and easy-to-use admin interface that transforms complex WordPress queries into manageable shortcodes. → <a href="https://ajaxloadmore.com/docs/shortcode-builder/" rel="nofollow ugc">View Shortcode Builder</a> <h4>Example Ajax Load More Shortcode</h4> <pre><code>[ajax_load_more post_type="post, portfolio" posts_per_page="6" button_label="Load More"] </code></pre> <h4>Examples & Demos</h4> <ul> <li><a href="https://ajaxloadmore.com/examples/default/" rel="nofollow ugc">Default</a> – Out of the box functionality and styling.</li> <li><a href="https://ajaxloadmore.com/examples/advanced-custom-fields/" rel="nofollow ugc">Advanced Custom Fields</a> – Infinite scroll Advanced Custom Fields data with Ajax Load More.</li> <li><a href="https://ajaxloadmore.com/examples/attachments/" rel="nofollow ugc">Attachments</a> – Endless scroll post attachments.</li> <li><a href="https://ajaxloadmore.com/examples/css-grid/" rel="nofollow ugc">CSS Grid</a> – Rendering Ajax Load More listings with CSS GridRe.</li> <li><a href="https://ajaxloadmore.com/examples/destroy-after/" rel="nofollow ugc">Destroy After</a> – Remove Ajax Load More functionality after ‘n’ number of pages.</li> <li><a href="https://ajaxloadmore.com/examples/event-listing/" rel="nofollow ugc">Event Listing</a> – Ordering and listing events by custom field date.</li> <li><a href="https://ajaxloadmore.com/examples/filtering/" rel="nofollow ugc">Filtering</a> – Reset and filter an Ajax Load More instance.</li> <li><a href="https://ajaxloadmore.com/add-ons/filters/facet-filtering/" rel="nofollow ugc">Facet Filtering</a> – Implement a faceted search and filter experience for Ajax Load More</li> <li><a href="https://ajaxloadmore.com/examples/infinite-scroll/" rel="nofollow ugc">Infinite Scroll</a> – A look at the new loading functionality and styles.</li> <li><a href="https://ajaxloadmore.com/examples/images-loaded/" rel="nofollow ugc">Images Loaded</a> – Download images before displaying ajax loaded content.</li> <li><a href="https://ajaxloadmore.com/examples/masonry/" rel="nofollow ugc">Masonry</a> – Creating a flexible grid layout with Masonry JS.</li> <li><a href="https://ajaxloadmore.com/examples/multiple-instances/" rel="nofollow ugc">Multiple Instances</a> – Include multiple Ajax Load More’ on a single page.</li> <li><a href="https://ajaxloadmore.com/examples/paging-urls/" rel="nofollow ugc">Paging URLs</a> – Generate unique paging URLs for every Ajax Load More query with the SEO add-on.</li> <li><a href="https://ajaxloadmore.com/examples/pause-loading/" rel="nofollow ugc">Pause Loading</a> – Posts will not load until initiated by the user.</li> <li><a href="https://ajaxloadmore.com/examples/pause-loading/" rel="nofollow ugc">Preloaded Posts</a> – Easily preload an initial set of posts before completing any Ajax requests to the server.</li> <li><a href="https://ajaxloadmore.com/examples/progress-bar/" rel="nofollow ugc">Progress Bar</a> – Display a progress bar load indicator with each Ajax request.</li> <li><a href="https://ajaxloadmore.com/examples/search-results/" rel="nofollow ugc">Search Results</a> – Returning results based on search terms.</li> <li><a href="https://ajaxloadmore.com/examples/scroll-container/" rel="nofollow ugc">Scroll Container</a> – Constrain Ajax Load More to a parent container.</li> <li><a href="https://ajaxloadmore.com/examples/seo-paging-add-ons/" rel="nofollow ugc">SEO & Paging</a> – Combine these two add-ons to create one powerful navigation system.</li> <li><a href="https://ajaxloadmore.com/examples/slideshow-gallery/" rel="nofollow ugc">Slideshow Gallery</a> – Create a gallery of posts with Ajax Load More and the Paging add-on.</li> <li><a href="https://ajaxloadmore.com/examples/table/" rel="nofollow ugc">Table Layout</a> – Ajax Load More will display query results in a table format.</li> </ul> → <a href="https://ajaxloadmore.com/examples/" rel="nofollow ugc">See All Examples</a> Note: The <a href="https://ajaxloadmore.com/templates/" rel="nofollow ugc">Templates Add-On</a> has been installed for use on each of our product demos. <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/EQ57i6dkOew?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> <h3>Who Uses Ajax Load More?</h3> Ajax Load More is perfect for developers, bloggers, and store owners who want to: <ul> <li>Improve user experience by reducing page load times.</li> <li>Increase page views and ad revenue by keeping users on the page longer.</li> <li>Create a modern, seamless browsing experience.</li> <li>Simplify navigation on content-heavy sites.</li> <li>Enhance the look and feel of their website with custom templates and layouts.</li> <li>Easily integrate infinite scroll into any WordPress theme or plugin.</li> </ul> <h3>Add-ons</h3> The following <a href="https://ajaxloadmore.com/add-ons/" rel="nofollow ugc">add-ons</a> are available to etend and enhance the functionality of Ajax Load More. <ul> <li><a href="https://ajaxloadmore.com/add-ons/cache/" rel="nofollow ugc">Cache</a>: Improve website performance by caching the results of Ajax server requests.</li> <li><a href="https://ajaxloadmore.com/add-ons/call-to-actions/" rel="nofollow ugc">Call to Actions</a>: Extend Ajax Load More with advertisement and call to action content blocks.</li> <li><a href="https://ajaxloadmore.com/add-ons/comments/" rel="nofollow ugc">Comments</a>: Load and display WordPress blog comments using the core Ajax Load More infinite scroll functionality.</li> <li><a href="https://ajaxloadmore.com/add-ons/elementor/" rel="nofollow ugc">Elementor</a>: Add infinite scroll or load more to your Elementor Posts and WooCommerce listing widgets with Ajax Load More and the intuitive Elementor Widget Connector.</li> <li><a href="https://ajaxloadmore.com/add-ons/filters/" rel="nofollow ugc">Filters</a>: Front-end and admin functionality for creating, managing and displaying Ajax Load More filters.</li> <li><a href="https://ajaxloadmore.com/add-ons/layouts/" rel="nofollow ugc">Layouts</a>: Predefined responsive layouts for Ajax Load More repeater templates.</li> <li><a href="https://ajaxloadmore.com/add-ons/next-page/" rel="nofollow ugc">Next Page</a>: Infinite scroll multipage WordPress content with Ajax Load More and the Next Page add-on.</li> <li><a href="https://ajaxloadmore.com/add-ons/paging/" rel="nofollow ugc">Paging</a>: Replace the default lazy load/infinite scroll functionality of Ajax Load More with a numbered navigation system.</li> <li><a href="https://ajaxloadmore.com/add-ons/preloaded/" rel="nofollow ugc">Preloaded</a>: Load an initial set of posts before sending any Ajax requests to your server.</li> <li><a href="https://ajaxloadmore.com/add-ons/query-loop/" rel="nofollow ugc">Query Loop</a>: Infinite scroll the core WordPress Query Loop block</li> <li><a href="https://ajaxloadmore.com/add-ons/search-engine-optimization/" rel="nofollow ugc">SEO</a>: Generate unique paging URLs with each Ajax Load More query.</li> <li><a href="https://ajaxloadmore.com/add-ons/single-post/" rel="nofollow ugc">Single Post</a>: Enable infinite scrolling of single posts on your WordPress post templates.</li> <li><a href="https://ajaxloadmore.com/add-ons/templates/" rel="nofollow ugc">Templates</a>: Create and manage Repeater Templates on demand, as well as load templates directly from your theme directory.</li> <li><a href="https://ajaxloadmore.com/add-ons/woocommerce/" rel="nofollow ugc">WooCommerce</a>: Infinite scroll WooCommerce products with Ajax Load More.</li> </ul> <h3>Ajax Load More Pro</h3> The Ajax Load Pro bundle that provides access to all current and future Ajax Load More add-ons in a single installation! Save over 60% when you purchase the Pro bundle. → <a href="https://ajaxloadmore.com/pro/" rel="nofollow ugc">Update to Pro</a> <h3>Extensions</h3> The following FREE <a href="https://ajaxloadmore.com/extensions/" rel="nofollow ugc">extensions</a> are available to provide compatibility with popular WordPress plugins and core features. <ul> <li><a href="https://ajaxloadmore.com/extensions/advanced-custom-fields/" rel="nofollow ugc">Advanced Custom Fields</a>: Display field type data with Ajax Load More.</li> <li><a href="https://ajaxloadmore.com/extensions/relevanssi/" rel="nofollow ugc">Relevanssi</a>: Display Relevanssi search results with Ajax Load More.</li> <li><a href="https://ajaxloadmore.com/extensions/rest-api/" rel="nofollow ugc">REST API</a>: Enable compatibility with the WordPress REST API.</li> <li><a href="https://ajaxloadmore.com/extensions/searchwp/" rel="nofollow ugc">SearchWP</a>: Display SearchWP query results with Ajax Load More.</li> <li><a href="https://ajaxloadmore.com/extensions/terms/" rel="nofollow ugc">Term Query</a>: Infinite scroll WordPress Terms.</li> <li><a href="https://ajaxloadmore.com/extensions/users/" rel="nofollow ugc">Users</a>: Lazy loading WordPress Users with Ajax Load More.</li> </ul> <h3>Callback Functions</h3> Ajax Load More dispatches callbacks during various stages in the plugins lifecycle. Callback functions are dispatched directly from core Ajax Load More or one of the various add-ons. → <a href="https://ajaxloadmore.com/docs/callback-functions/" rel="nofollow ugc">View All Callback Functions</a> <h3>Filter Hooks</h3> Ajax Load More has a variety of WordPress <a href="https://ajaxloadmore.com/docs/filter-hooks/" rel="nofollow ugc">filters</a> in place that enable users to hook into Ajax Load More to insert or modify data. → <a href="https://ajaxloadmore.com/docs/filter-hooks/" rel="nofollow ugc">See All Filters</a> <h3>Variables</h3> Ajax Load More passes the following PHP <a href="https://ajaxloadmore.com/docs/variables/" rel="nofollow ugc">variables</a> to each repeater template – these template variables can help you style and transform your repeater templates. <ul> <li>$alm_current – Returns the current item number in the current Ajax Load More loop and will reset to zero with every ‘Load More’ action.</li> <li>$alm_page – Returns the current page number.</li> <li>$alm_item – Returns the current item number within your loop.</li> <li>$alm_found_posts – Returns the total number of posts found within the entire WordPress query.</li> </ul> <h3>Plugin Links</h3> <ul> <li><a href="https://ajaxloadmore.com/" rel="nofollow ugc">Official Website</a></li> <li><a href="https://ajaxloadmore.com/docs/" rel="nofollow ugc">Documentation</a></li> <li><a href="https://ajaxloadmore.com/add-ons/" rel="nofollow ugc">Premium Add-ons</a></li> <li><a href="https://ajaxloadmore.com/extensions/" rel="nofollow ugc">Free Extensions</a></li> <li><a href="https://github.com/dcooney/wordpress-ajax-load-more/" rel="nofollow ugc">Github</a></li> </ul> <h3>Please Review Ajax Load More!</h3> Your reviews make a big difference! Please consider taking the time to <a href="https://wordpress.org/support/view/plugin-reviews/ajax-load-more" rel="ugc">review my plugin</a>. Your ratings and reviews help the plugin grow and provide the motivation needed to keep pushing it forward. → <a href="https://wordpress.org/support/plugin/ajax-load-more/reviews/#new-post" rel="ugc">Leave a Review</a>

WordPress Plugin Directory

2.46M