CVE-2025-59582
Published 2025-09-22
Priority: P3, 36 | Severity: medium | CVSS 3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploit EPSS: 0.66% (47.0th percentile)
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Retrieve Embedded Sensitive Data. This issue affects Ajax Load More: from n/a through <= 7.6.0.2.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| darren_cooney | ajax_load_more | <= 7.6.0.2 | — |
No detection rules found.
Nuclei
Ajax Load More < 7.6.1 - Unauthenticated Sensitive Information Exposure
The Ajax Load More – Infinite Scroll plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.0.2. The plugin's AJAX endpoint (wp_ajax_nopriv_alm_get_posts) allows unauthenticated users to access non-public posts (draft, private, pending, future, trash) by injecting post_status via the custom_args parameter, which bypasses the post_status authorization check in class-alm-queryargs.php.
Template:
id: CVE-2025-59582

info:
  name: Ajax Load More < 7.6.1 - Unauthenticated Sensitive Information Exposure
  author: pussycat0x
  severity: medium
  description: |
    The Ajax Load More – Infinite Scroll plugin for WordPress is vulnerable to Sensitive Information Exposure in all vers
No writeups or analysis indexed.