{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4775", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-15T13:49:53.891Z", "datePublished": "2025-06-17T01:44:10.890Z", "dateUpdated": "2026-04-08T16:56:48.200Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:56:48.200Z"}, "affected": [{"vendor": "dcooney", "product": "Ajax Load More \u2013 Infinite Scroll, Load More, & Lazy Load", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "7.4.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "WordPress Infinite Scroll \u2013 Ajax Load More <= 7.4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/614bdce2-bd87-4516-b1a5-028ffc08b238?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ajax-load-more/tags/7.3.1.2/build/frontend/ajax-load-more.min.js"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Craig Smith"}], "timeline": [{"time": "2025-05-13T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-06-16T12:28:44.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-17T13:41:00.037039Z", "id": "CVE-2025-4775", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T13:41:14.481Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4775", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-17T13:41:00.037039Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T13:41:05.404Z"}}], "cna": {"title": "WordPress Infinite Scroll \u2013 Ajax Load More <= 7.4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Craig Smith"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "dcooney", "product": "Ajax Load More \u2013 Infinite Scroll, Load More, & Lazy Load", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "7.4.0.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-13T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-06-16T12:28:44.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/614bdce2-bd87-4516-b1a5-028ffc08b238?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ajax-load-more/tags/7.3.1.2/build/frontend/ajax-load-more.min.js"}], "descriptions": [{"lang": "en", "value": "The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:56:48.200Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4775", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:56:48.200Z", "dateReserved": "2025-05-15T13:49:53.891Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-17T01:44:10.890Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento WordPress Infinite Scroll \u2013 Ajax Load More para WordPresse es vulnerable a cross site scripting almacenado a trav\u00e9s del atributo HTML data-button-label en todas las versiones hasta la 7.4.0.1 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-4775", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-06-17T02:15:19.867", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ajax-load-more/tags/7.3.1.2/build/frontend/ajax-load-more.min.js"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/614bdce2-bd87-4516-b1a5-028ffc08b238?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T20:12:12.531235+00:00", "value": {"mitigation_remediation": ["Upgrade the Ajax Load More plugin to a version newer than 7.4.0.1.", "If an upgrade is temporarily infeasible, strip or encode the data-button-label attribute before rendering it, ensuring that any stored value is escaped as plain text.", "Immediately remove or purge any pages or posts that have been compromised by malicious data-button-label entries to eliminate the existing stored payloads.", "Consider revoking Contributor privileges for accounts that are no longer needed to reduce the attack surface."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting (XSS)"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed the Ajax Load More \u2013 Infinite Scroll plugin from dcooney, in any revision up to and including version 7.4.0.1.", "description_and_impact": "The vulnerability lies in an inadequate sanitization and escaping routine for the data-button-label attribute in the Ajax Load More plugin. An authenticated user with Contributor-level privilege or higher can insert arbitrary HTML or JavaScript code that the plugin stores and later renders on pages that use the infinite\u2011scroll feature. When another user views the affected page, the injected script executes in that user's browser context, allowing the attacker to steal session cookies, deface content, or redirect users to malicious sites. The vulnerability directly compromises a site\u2019s confidentiality and integrity for all visitors to the affected pages.", "risk_and_exploitability": "The CVSS score of 6.4 indicates a moderate severity, while an EPSS score of less than 1\u202f% suggests that the likelihood of exploitation in the wild is currently low. The vulnerability is not listed in the CISA KEV catalog. Attackers are required to authenticate with at least Contributor privileges within the affected WordPress installation to inject a payload, thus limiting the threat to sites with unauthorized or compromised contributor accounts. Once injected, however, the stored XSS executes automatically for any site visitor, making the impact far\u2011reaching for each load on populated page."}}}}, "created": "2026-04-21T20:15:44.579691+00:00", "updated": "2026-04-21T20:15:44.579706+00:00", "vendors": []}