CVE-2022-2945: 
WordPress vulnerability analysis and mitigation

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3. The vulnerability was discovered in the 'type' parameter found in the almgetlayout() function, which was disclosed on September 6, 2022 (NVD).

The vulnerability exists in the almgetlayout() function where the 'type' parameter is not properly sanitized. This Directory Traversal vulnerability allows authenticated attackers with administrative permissions to read arbitrary files on the server through path traversal sequences. The vulnerability has been assigned a CVSS v3.1 base score of 4.9 (Medium) by Wordfence with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N (Wordfence Advisory).

When exploited, this vulnerability allows authenticated attackers with administrative privileges to read the contents of arbitrary files on the server. This could lead to exposure of sensitive information stored in server files, including configuration files and other critical system data (NVD).

The vulnerability was patched in version 5.5.4 of the WordPress Infinite Scroll – Ajax Load More plugin. Users should update to this version or later to mitigate the vulnerability (Plugin Changelog).