PatchSiren

Ajax Load More CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Ajax Load More CVE published 2026-05-18

CVE-2026-6495

A reflected cross-site scripting (XSS) vulnerability exists in the Ajax Load More WordPress plugin before version 7.8.4. The plugin fails to sanitize and escape a parameter before rendering it in page output, enabling attackers to inject malicious scripts. Successful exploitation could compromise high-privilege user sessions, including administrators. The vulnerability carries a HIGH severity CVSS score o [truncated]