Source evidence

<= 7.3.1.2 is vulnerable to Cross Site Scripting (XSS)

Ajax Load More – Infinite Scroll, Load More, & Lazy Load · support · 2025-05-13T11:11:00+00:00

Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin evidence original source source API

mixedsentiment

highseverity

0.88relevance

2replies

Evidence linked to opportunitycommercial context

Proof Health

Open evidence

Commercial opportunities need traceable source links before they are treated as build-worthy.

5 / 22 rows with source links

22.7% of this page's analysis has direct source links.

0 build-decision rows missing links

0 rows here require auditable proof before promotion.

17 rows with no attached evidence

0 rows have source counts but still need direct links.

Conversation

support

Exo resolved

<= 7.3.1.2 is vulnerable to Cross Site Scripting (XSS) I see 2 days ago an update mentioned here but still 7.3.1.2 showing, but is there a fix coming soon as my security plugins & hosting company alert me daily regarding your plugin (i.e. Solid Security plugin scans my sites daily) This topic was modified 1 year ago by Exo . The page I need help with: [ log in to see the link] This should be fixed in 7.3.1.2 but I’ll reach out to patchstack to find out why it’s not be listed as fixed on their website. Also, you really should avoid posting about XSS on public forums. There are other ways to contact plugin developers. Thanks Darren, Hopefully 7.3.1.2 has fixed it and as you suggest Patchstack need to update their records if it’s an error. Also, I hear you about discussing XSS, but if you Google this plugin – it’s high up in the results (1st page) via WordFence news etc, so I don’t think support forums will reveal much more than already public and more obvious via search engines. Hopefully in weeks to come such discussions disappear and of course this is a Low priority security issue, I only posted as it’s an annoyance than security as I also do have faith in this plugin. All the best. This reply was modified 1 year ago by Exo .

Commercial Context

Opportunity

performance monitoring and client reporting

Lazy Load speed regression monitoring for keeping sites fast and proving optimization work

Buyer: site owners, agencies, and maintenance teams

Wedge: detect lazy load slowdowns, cache conflicts, asset regressions, and client-report impact

Proof Blocked card complete market

Analysis

heuristic-v1

Summary: <= 7.3.1.2 is vulnerable to Cross Site Scripting (XSS): users show security, bugs, support pain that may indicate a product gap.

Evidence quote: <= 7.3.1.2 is vulnerable to Cross Site Scripting (XSS) <= 7.3.1.2 is vulnerable to Cross Site Scripting (XSS) I see 2 days ago an update mentioned here but still 7.3.1.2 showing, but is there a fix coming soon as my security plugins & hosting company alert me daily regarding your plugin (i.e.

Affected feature: security

security bugs support reliable

Plugin

API

Ajax Load More – Infinite Scroll, Load More, & Lazy Load

40.0K active installs · 2.5M downloads · rating 96.0

ajax load more endless scroll infinite scroll lazy load load more

Comments

2 shown

Darren Cooney 2025-05-13T12:35:00+00:00

This should be fixed in 7.3.1.2 but I’ll reach out to patchstack to find out why it’s not be listed as fixed on their website. Also, you really should avoid posting about XSS on public forums. There are other ways to contact plugin developers.

Exo 2025-05-13T12:41:00+00:00

Thanks Darren, Hopefully 7.3.1.2 has fixed it and as you suggest Patchstack need to update their records if it’s an error. Also, I hear you about discussing XSS, but if you Google this plugin – it’s high up in the results (1st page) via WordFence news etc, so I don’t think support forums will reveal much more than already public and more obvious via search engines. Hopefully in weeks to come such discussions disappear and of course this is a Low priority security issue, I only posted as it’s an annoyance than security as I also do have faith in this plugin. All the best. This reply was modified 1 year ago by Exo .