CVE-2026-15295: CWE-692 Incomplete Denylist to Cross-Site Scripting in dcooney Ajax Load More – Infinite Scroll, Load More, & Lazy Load
The WordPress plugin 'Ajax Load More – Infinite Scroll, Load More, & Lazy Load' suffers from a stored cross-site scripting (XSS) vulnerability in all versions up to and including 7.0.1. This…
Read the full article14h agoen
You might also wanna read
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
radar.offseq.com·54m ago
Wireshark 4.6.7 Released, (Sat, Jul 11th)
radar.offseq.com·54m ago
CVE-2026-9017: CWE-862 Missing Authorization in webaways NEX-Forms – Ultimate Forms Plugin for WordPress
radar.offseq.com·2h ago
CVE-2026-15010: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in robin-w bbp style pack
radar.offseq.com·2h ago
CVE-2026-6801: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in postmagthemes Context Blog
radar.offseq.com·3h ago
CVE-2026-12994: CWE-862 Missing Authorization in wclovers WCFM – Frontend Manager for WooCommerce
radar.offseq.com·3h ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.