WPIntell

Source evidence

Critical security vulnerability in version 7.3.1.2

Ajax Load More – Infinite Scroll, Load More, & Lazy Load · support · 2025-05-15T13:30:00+00:00

mixed sentiment · high severity · 0.94 relevance · 4 replies

Conversation

support
Dominik Kozmáli resolved
Wordfence shows me a critical vulnerability in your Ajax Load More plugin in version: 7.3.1.2

I’m also attaching the page from the Wordfence warning with more details: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ajax-load-more/ajax-load-more-7312-authenticated-contributor-stored-cross-site-scripting

And a screenshot of the displayed warning from Wordfence: https://imgur.com/a/vquHIX3

PS: I have disabled the plugin on the site for now.

Thanks for solving the problem, best regards
Dominik

Comments

4 shown
Darren Cooney 2025-05-15T13:45:00+00:00

@dominokozmali This is fixed in 7.3.1.2 but Patchstack is being very slow at reviewing the patch. Patchstack also powers Wordfence so that’s why you are seeing this error. I’ve reached out to them again this morning and hopefully they will close this issue ASAP. https://wordpress.org/support/topic/7-3-1-2-is-vulnerable-to-cross-site-scripting-xss/ TBH – It’s a real stretch to even call this issue a “critical” vulnerability.

Darren Cooney 2025-05-15T14:07:00+00:00

Actually, looks like I may have missed one of the issues 🤦‍♂️ 7.3.1.3 should hopefully resolve any issues.

Dominik Kozmáli 2025-05-15T15:38:00+00:00

Super (thank you for quick answer! :)), I updated to version 7.3.1.3 and ran a new Wordfence scan and so far it looks promising, it doesn’t show it as an error 🙂 We’ll see when the scan is finished – I’ll write and close the ticket when it’s done 🙂

Dominik Kozmáli 2025-05-15T15:53:00+00:00

Hi, the Wordfence scan has been completed and it’s OK now. So the problem is solved 🙂 Have a nice day