CVE-2015-10140

high

Description

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.

References

https://wpscan.com/vulnerability/9f0c926e-0609-4c89-a724-88e16bcfa82a

Details

Source: Mitre, NVD

Published: 2025-07-22

Updated: 2025-07-25

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H