Headline
CVE-2022-2945
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the ‘type’ parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information.
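To make the bug class concrete, here is an added illustration in PHP. It is not code from Ajax Load More and does not reproduce alm_get_layout(); the function names, the layouts/ directory and the sample files are hypothetical. It shows a template loader that concatenates a caller-supplied `type` value into a file path, next to a hardened version that allowlists the identifier and then verifies the resolved path is still inside the template directory. Two practitioner points: a WordPress nonce (what the plugin's FAQ below refers to) only defends against cross-site request forgery, so a legitimately authenticated administrator can still send a traversal string, and an admin-only file read matters most on sites where administrators are otherwise prevented from running code, for example when `DISALLOW_FILE_MODS` is set or on multisite where site administrators are not super admins.

```php
<?php
// Added illustrative example, not code from the Ajax Load More plugin.
// example_get_layout_*, the layouts/ directory and the files created below
// are hypothetical. It models the bug class behind CVE-2022-2945: a "type"
// parameter used to build a file path, and the checks that stop "../".

/**
 * VULNERABLE PATTERN: $type is concatenated straight into the path, so a
 * value such as "../secret" escapes $base_dir.
 *
 * @return string|false File contents, or false if the file is missing.
 */
function example_get_layout_vulnerable( $base_dir, $type ) {
	$file = rtrim( $base_dir, '/' ) . '/' . $type . '.php';
	return is_file( $file ) ? file_get_contents( $file ) : false;
}

/**
 * HARDENED PATTERN: allowlist the identifier, then prove the canonical
 * path is inside $base_dir. In a WordPress Ajax handler this sits behind
 * check_ajax_referer() and current_user_can(), but neither of those
 * validates the path; this check is independent of them.
 *
 * @return string|false File contents, or false if rejected or missing.
 */
function example_get_layout_safe( $base_dir, $type ) {
	// 1. Template names are simple slugs: no slashes, dots or NUL bytes.
	if ( ! is_string( $type ) || ! preg_match( '/^[A-Za-z0-9_-]{1,64}$/', $type ) ) {
		return false;
	}
	// 2. Canonicalise both sides; realpath() resolves symlinks and "..".
	$base = realpath( $base_dir );
	$file = realpath( $base . '/' . $type . '.php' );
	if ( false === $base || false === $file ) {
		return false;
	}
	// 3. Containment: the file must sit below $base plus a separator,
	//    so "/srv/layouts-evil/x.php" does not pass for base "/srv/layouts".
	$prefix = $base . DIRECTORY_SEPARATOR;
	if ( 0 !== strncmp( $file, $prefix, strlen( $prefix ) ) ) {
		return false;
	}
	return file_get_contents( $file );
}

// Demo on constructed files in a temp directory: one real layout, plus a
// file outside the layout directory standing in for a sensitive file.
$root = sys_get_temp_dir() . '/alm-traversal-demo-' . getmypid();
mkdir( $root . '/layouts', 0700, true );
file_put_contents( $root . '/layouts/default.php', "<?php // real layout\n" );
file_put_contents( $root . '/secret.php', "DB_PASSWORD=example\n" );

$layouts = $root . '/layouts';
$legit   = 'default';
$attack  = '../secret'; // the kind of "type" value an attacker would send

foreach ( array( 'vulnerable' => 'example_get_layout_vulnerable', 'safe' => 'example_get_layout_safe' ) as $label => $fn ) {
	foreach ( array( $legit, $attack ) as $type ) {
		$result = $fn( $layouts, $type );
		printf( "%-10s type=%-10s -> %s\n", $label, $type, false === $result ? 'rejected' : 'read ' . strlen( $result ) . ' bytes' );
	}
}

// Cleanup of the constructed files.
unlink( $root . '/layouts/default.php' );
unlink( $root . '/secret.php' );
rmdir( $root . '/layouts' );
rmdir( $root );
```

Run with `php example.php`: the vulnerable loader reads secret.php for the `../secret` value, while the hardened loader rejects it and still serves `default`. The regex alone would already block this input; the realpath containment check is kept as defence in depth so that a later change to the allowlist, or a symlink inside the template directory, cannot silently reopen the hole.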
=== WordPress Infinite Scroll - Ajax Load More ===
Contributors: dcooney, connekthq
Donate link: https://connekthq.com/donate/
Tags: infinite scroll, load more, ajax, lazy load, endless scroll, infinite scrolling, lazy loading, pagination, ajax, ajax posts, woocommerce, ajax load more, masonry
Requires at least: 4.4
Requires PHP: 5.6
Tested up to: 6.0
Stable tag: 5.5.4
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

The ultimate infinite scroll and lazy load solution for your WordPress powered website.

== Description ==

Ajax Load More is the ultimate WordPress infinite scroll plugin for lazy loading posts, single posts, pages, comments and more with Ajax powered queries.

Build complex custom WordPress queries with the Ajax Load More shortcode builder then add the generated shortcode to your page via the content editor or directly into your template files.

Ajax Load More is compatible for endless scrolling with popular eCommerce plugins such as WooCommerce and Easy Digital Downloads.

→ [Get More Information](https://connekthq.com/plugins/ajax-load-more/)

### Features

- **Shortcode Builder** - Create your own custom Ajax Load More shortcode by adjusting the various WordPress query parameters in our easy-to-use shortcode builder (see Shortcode Parameters).
- **Query Parameters** - Ajax Load More allows you to query WordPress by many different content types. Query by Post Type, Post Format, Date, Category, Tags, Custom Taxonomies, Search Term, Authors and more!
- **Repeater Templates** - Edit and extend the functionality of Ajax Load More by creating your own repeater template to match the look and feel of your website (see screenshots).
- **Multiple Instances** - You can include multiple instances of Ajax Load More on a single page, post or template.
- **Ajax Filtering** - The Ajax Load More [custom filtering](https://connekthq.com/plugins/ajax-load-more/examples/filtering/) method will allow you to filter and update your Ajax query results.
- **Multisite Compatibility** - Manage repeater templates across all sites in your network.
- **Setting Panel** - Customize your version of Ajax Load More by updating various plugin settings.

Check out the **[website](https://connekthq.com/plugins/ajax-load-more/)** for more information on the features and functionality of Ajax Load More.

### What’s New

- **[Elementor Add-on](https://connekthq.com/plugins/ajax-load-more/add-ons/elementor/)** - Infinite scroll Elementor Posts Widget and WooCommerce widget content with Ajax Load More.
- **[WooCommerce Add-on](https://connekthq.com/plugins/ajax-load-more/add-ons/woocommerce/)** - Infinite scroll WooCommerce products without updating a line of template code.
- **[Pro Bundle](https://connekthq.com/plugins/ajax-load-more/pro/)** - Access to all premium Ajax Load More add-ons in a single installation.
- **[Filters Add-on](https://connekthq.com/plugins/ajax-load-more/add-ons/filters/)** - The Filters add-on provides front-end and admin functionality for building and managing Ajax filters.
- **[Advanced Custom Fields](https://connekthq.com/plugins/ajax-load-more/examples/advanced-custom-fields/)** - Compatibility and integration added for infinite scrolling Flexible Content, Gallery, Relationship and Repeater fields for Advanced Custom Fields.
- **[Masonry](https://connekthq.com/plugins/ajax-load-more/examples/masonry/)** - Built-in support and functionality for Masonry layouts.
- **[Progress Bars](https://connekthq.com/plugins/ajax-load-more/examples/progress-bar/)** - Display a Progress Bar load indicator with each Ajax request.
- **[Scroll Container](https://connekthq.com/plugins/ajax-load-more/examples/scroll-container/)** - Constraining infinite scroll to a parent container.

### Content Types

Ajax Load More can infinite scroll _almost_ any content type WordPress offers - from blog posts to multipage content to WooCommerce products - Ajax Load More can handle it all. Check out the examples below:

- [Standard Posts](https://connekthq.com/plugins/ajax-load-more/examples/default/)
- [Custom Post Types](https://connekthq.com/plugins/ajax-load-more/examples/masonry/)
- [Pages](https://connekthq.com/plugins/ajax-load-more/examples/search-results/)
- [Multipage Posts & Pages](https://connekthq.com/plugins/ajax-load-more/add-ons/next-page/next-page-default/) \*
- [Single Posts](https://connekthq.com/ajax-load-more-posts/alm-post-example/) \*
- [Comments](http://examples.connekthq.com/alm-comments/example-post/) \*
- [Advanced Custom Fields](https://connekthq.com/plugins/ajax-load-more/examples/advanced-custom-fields/)

_*Add-on required_

### Parameters

Ajax Load More accepts a variety of query and styling parameters that are passed to WordPress via shortcode or [PHP function](https://connekthq.com/plugins/ajax-load-more/docs/implementation-methods). These parameters allow you to customize the content of your infinite scroll by selecting query parameters such as Post Types, Taxonomies, Categories, Tags, etc… You can also control interactive properties such as button labels, scrolling options and transition styles.

→ [View Parameters](https://connekthq.com/plugins/ajax-load-more/docs/shortcode-parameters/)

### Shortcode Builder

The Ajax Load More [Shortcode Builder](https://connekthq.com/plugins/ajax-load-more/docs/shortcode-builder/) provides an intuitive and easy-to-use admin interface that transforms complex WordPress queries into manageable shortcodes.
→ [View Shortcode Builder](https://connekthq.com/plugins/ajax-load-more/docs/shortcode-builder/)

—

#### Example Ajax Load More Shortcode

[ajax_load_more post_type="post, portfolio" posts_per_page="6" button_label="Load More"]

—

#### Examples & Demos

- **[Default](https://connekthq.com/plugins/ajax-load-more/examples/default/)** - Out of the box functionality and styling.
- **[Advanced Custom Fields](https://connekthq.com/plugins/ajax-load-more/examples/advanced-custom-fields/)** - Infinite scroll Advanced Custom Fields data with Ajax Load More.
- **[Attachments](https://connekthq.com/plugins/ajax-load-more/examples/attachments/)** - Endless scroll post attachments.
- **[CSS Grid](https://connekthq.com/plugins/ajax-load-more/examples/css-grid/)** - Rendering Ajax Load More listings with CSS Grid.
- **[Destroy After](https://connekthq.com/plugins/ajax-load-more/examples/destroy-after/)** - Remove Ajax Load More functionality after ‘n’ number of pages.
- **[Event Listing](https://connekthq.com/plugins/ajax-load-more/examples/event-listing/)** - Ordering and listing events by custom field date.
- **[Filtering](https://connekthq.com/plugins/ajax-load-more/examples/filtering/)** - Reset and filter an Ajax Load More instance.
- **[Infinite Scroll](https://connekthq.com/plugins/ajax-load-more/examples/infinite-scroll/)** - A look at the new loading functionality and styles.
- **[Images Loaded](https://connekthq.com/plugins/ajax-load-more/examples/images-loaded/)** - Download images before displaying ajax loaded content.
- **[Masonry](https://connekthq.com/plugins/ajax-load-more/examples/masonry/)** - Creating a flexible grid layout with Masonry JS.
- **[Multiple Instances](https://connekthq.com/plugins/ajax-load-more/examples/multiple-instances/)** - Include multiple Ajax Load More instances on a single page.
- **[Paging URLs](https://connekthq.com/plugins/ajax-load-more/examples/paging-urls/)** - Generate unique paging URLs for every Ajax Load More query with the SEO add-on.
- **[Pause Loading](https://connekthq.com/plugins/ajax-load-more/examples/pause-loading/)** - Posts will not load until initiated by the user.
- **[Preloaded Posts](https://connekthq.com/plugins/ajax-load-more/examples/pause-loading/)** - Easily preload an initial set of posts before completing any Ajax requests to the server.
- **[Progress Bar](https://connekthq.com/plugins/ajax-load-more/examples/progress-bar/)** - Display a progress bar load indicator with each Ajax request.
- **[Search Results](https://connekthq.com/plugins/ajax-load-more/examples/search-results/)** - Returning results based on search terms.
- **[Scroll Container](https://connekthq.com/plugins/ajax-load-more/examples/scroll-container/)** - Constrain Ajax Load More to a parent container.
- **[SEO & Paging](https://connekthq.com/plugins/ajax-load-more/examples/seo-paging-add-ons/)** - Combine these two add-ons to create one powerful navigation system.
- **[Slideshow Gallery](https://connekthq.com/plugins/ajax-load-more/examples/slideshow-gallery/)** - Create a gallery of posts with Ajax Load More and the Paging add-on.
- **[Table Layout](https://connekthq.com/plugins/ajax-load-more/examples/table/)** - Ajax Load More will display query results in a table format.

→ [See All Examples](https://connekthq.com/plugins/ajax-load-more/examples/)

**Note**: The [Custom Repeater Add-On](https://connekthq.com/plugins/ajax-load-more/custom-repeaters/) has been installed for use on each of our product demos.

[youtube https://www.youtube.com/watch?v=EQ57i6dkOew]

### Add-ons

The following [add-ons](https://connekthq.com/plugins/ajax-load-more/add-ons/) are available to increase the functionality of Ajax Load More.

- **[Cache](https://connekthq.com/plugins/ajax-load-more/add-ons/cache/)**: Improve website performance by caching the results of Ajax server requests.
- **[Call to Actions](https://connekthq.com/plugins/ajax-load-more/add-ons/call-to-actions/)**: Extend Ajax Load More with advertisement and call to action content blocks.
- **[Comments](https://connekthq.com/plugins/ajax-load-more/add-ons/comments/)**: Load and display WordPress blog comments using the core Ajax Load More infinite scroll functionality.
- **[Custom Repeaters](https://connekthq.com/plugins/ajax-load-more/add-ons/custom-repeaters/)**: Create, modify and delete repeater templates as you need them with absolutely zero restrictions.
- **[Elementor](https://connekthq.com/plugins/ajax-load-more/add-ons/elementor/)**: Add infinite scroll or load more to your Elementor Posts and WooCommerce listing widgets with Ajax Load More and the intuitive Elementor Widget Connector.
- **[Filters](https://connekthq.com/plugins/ajax-load-more/add-ons/filters/)**: Front-end and admin functionality for creating, managing and displaying Ajax Load More filters.
- **[Layouts](https://connekthq.com/plugins/ajax-load-more/add-ons/layouts/)**: Predefined responsive layouts for Ajax Load More repeater templates.
- **[Next Page](https://connekthq.com/plugins/ajax-load-more/add-ons/next-page/)**: Infinite scroll multipage WordPress content with Ajax Load More and the Next Page add-on.
- **[Paging](https://connekthq.com/plugins/ajax-load-more/add-ons/paging/)**: Replace the default lazy load/infinite scroll functionality of Ajax Load More with a numbered navigation system.
- **[Preloaded](https://connekthq.com/plugins/ajax-load-more/add-ons/preloaded/)**: Load an initial set of posts before sending any Ajax requests to your server.
- **[SEO](https://connekthq.com/plugins/ajax-load-more/add-ons/search-engine-optimization/)**: Generate unique paging URLs with each Ajax Load More query.
- **[Single Post](https://connekthq.com/plugins/ajax-load-more/add-ons/single-post/)**: Enable infinite scrolling of single posts on your WordPress post templates.
- **[Theme Repeaters](https://connekthq.com/plugins/ajax-load-more/add-ons/theme-repeaters/)**: Manage Ajax Load More repeater templates from within your current theme directory.
- **[Users](https://connekthq.com/plugins/ajax-load-more/add-ons/users/)**: Lazy loading WordPress Users with Ajax Load More.
- **[WooCommerce](https://connekthq.com/plugins/ajax-load-more/add-ons/woocommerce/)**: Infinite scroll WooCommerce products with Ajax Load More.

### Extensions

The following free [extensions](https://connekthq.com/plugins/ajax-load-more/extensions/) are available to provide compatibility with popular WordPress plugins and core features.

- **[Advanced Custom Fields](https://connekthq.com/plugins/ajax-load-more/extensions/advanced-custom-fields/)**: Display field type data with Ajax Load More.
- **[Relevanssi](https://connekthq.com/plugins/ajax-load-more/extensions/relevanssi/)**: Display Relevanssi search results with Ajax Load More.
- **[REST API](https://connekthq.com/plugins/ajax-load-more/extensions/rest-api/)**: Enable compatibility with the WordPress REST API.
- **[SearchWP](https://connekthq.com/plugins/ajax-load-more/extensions/searchwp/)**: Display SearchWP query results with Ajax Load More.
- **[Term Query](https://wordpress.org/plugins/ajax-load-more-for-terms/)**: Infinite scroll WordPress Terms.

### Callback Functions

Ajax Load More dispatches callbacks during various stages in the plugin's lifecycle. Callback functions are dispatched directly from core Ajax Load More or one of the various add-ons.

→ [View All Callback Functions](https://connekthq.com/plugins/ajax-load-more/docs/callback-functions/)

### Filter Hooks

Ajax Load More has a variety of WordPress [filters](https://connekthq.com/plugins/ajax-load-more/docs/filter-hooks/) in place that enable users to hook into Ajax Load More to insert or modify data.

→ [See All Filters](https://connekthq.com/plugins/ajax-load-more/docs/filter-hooks/)

### Variables

Ajax Load More passes the following PHP **[variables](https://connekthq.com/plugins/ajax-load-more/docs/variables/)** to each repeater template - these template variables can help you style and transform your repeater templates.

- **$alm_current** - Returns the current item number in the current Ajax Load More loop and will reset to zero with every ‘Load More’ action.
- **$alm_page** - Returns the current page number.
- **$alm_item** - Returns the current item number within your loop.
- **$alm_found_posts** - Returns the total number of posts found within the entire WordPress query.

### Plugin Links

- [Official Website](https://connekthq.com/ajax-load-more/)
- [Documentation](https://connekthq.com/plugins/ajax-load-more/docs/)
- [Premium Add-ons](https://connekthq.com/plugins/ajax-load-more/add-ons/)
- [Free Extensions](https://connekthq.com/plugins/ajax-load-more/extensions/)
- [Github](https://github.com/dcooney/wordpress-ajax-load-more/)

### Please Review Ajax Load More!

Your reviews make a big difference! Please consider taking the time to [review my plugin](https://wordpress.org/support/view/plugin-reviews/ajax-load-more). Your ratings and reviews help the plugin grow and provide the motivation needed to keep pushing it forward.

→ [Leave a Review](https://wordpress.org/support/plugin/ajax-load-more/reviews/#new-post)

== Frequently Asked Questions ==

= What are the steps to getting Ajax Load More to display on my website =

1. Create your shortcode
2. Add the shortcode to your page, by adding it through the content editor or placing it directly within one of your template files.
3. Load a page with your shortcode in place and watch Ajax Load More fetch your posts.

→ [Read the Implementation Guide](https://connekthq.com/plugins/ajax-load-more/docs/implementation-guide/)

= What are my server requirements? =

Your server must be able to read/write/create files.
Ajax Load More creates the default repeater on plugin activation and in order to modify the output we are required to write to the file as well.

= Is the ajax functionality secure? =

Yes, Ajax Load More uses admin-ajax and nonces in order to protect URLs and forms from being misused.

= Can I make modifications to the plugin code? =

Sure, but please be aware that if modifications are made it may affect future updates of the plugin.

= Can I modify the repeater template? =

Yes, visit the Repeater Template section in your WordPress admin.

= How are my repeater templates saved? =

Repeater template data is saved into your WordPress database as well as written directly to a repeater template .php file in the ajax-load-more plugin directory.

= Can I use custom fields in a repeater? =

Yes, but you will need to define $post at the top of the repeater before requesting your custom fields. Like so: `global $post;`

= Which browsers are supported? =

- Firefox (Mac, PC, iOS)
- Chrome (Mac, PC, iOS, Android)
- Safari (Mac, iOS)
- Opera
- Android
- IE11+

= How Can You Contribute? =

Issues and pull requests can be submitted via [GitHub](https://github.com/dcooney/wordpress-ajax-load-more).

—

== Installation ==

How to install Ajax Load More.

= Using The WordPress Dashboard =

1. Navigate to the ‘Add New’ in the plugins dashboard
2. Search for ‘Ajax Load More’
3. Click ‘Install Now’
4. Activate the plugin on the Plugin dashboard

= Uploading in WordPress Dashboard =

1. Navigate to the ‘Add New’ in the plugins dashboard
2. Navigate to the ‘Upload’ area
3. Select `ajax-load-more.zip` from your computer
4. Click ‘Install Now’
5. Activate the plugin in the Plugin dashboard

= Using FTP =

1. Download `ajax-load-more.zip`
2. Extract the `ajax-load-more` directory to your computer
3. Upload the `ajax-load-more` directory to the `/wp-content/plugins/` directory
4. Activate the plugin in the Plugin dashboard

== Screenshots ==

1. Settings screen
2. Available Repeater Templates
3. Custom Repeaters Add-On
4. Shortcode Builder
5. Content Editor shortcode icon
6. Edit Page Shortcode Builder
7. Shortcode and implementation examples

== Changelog ==

= 5.5.4 - August 19, 2022 =

* NEW - Added new core setting for adding custom JavaScript. This new setting will allow for adding callbacks directly from the ALM settings page.
* NEW - Added new `alm_seo_posts_per_page` filter to disable the posts_per_page protection in the SEO add-on.
* NEW - Added new `alm_canonical_frontpage_trailing_slash` filter to remove the trailing slash from frontpage URLs. This is useful for add-ons to update the browser URL.
* NEW - Added new `alm_allow_future_posts` filter to allow future posts for non-logged in users. `add_filter('alm_allow_future_posts', '__return_true');`
* NEW - Added new `alm_button_wrap_classes` filter to add classes to the button wrapper element.
* UPDATE - Added new `start` and `end` variables in the [Results](https://connekthq.com/plugins/ajax-load-more/docs/results-text) Text feature. This adds support for using Results Text with the Paging Add-on.
* UPDATE - Normalized how the default.php Repeater Template is created on plugin activation.
* FIX - Fixed PHP warnings displayed if ALM was added to a 404 page.
* SECURITY - Fix for potential admin level exploit with Repeater exports.
* SECURITY - Fix for potential admin level exploit with getting taxonomy terms in the Shortcode Builder.
* SECURITY - Fix for potential admin level exploit with getting layout templates in the Repeater Template section of ALM.

= 5.5.3 - June 24, 2022 =

* UPDATE - Added support for lazy loading images with Blocksy Pro theme.
* FIX - Fixed a potential cross-site scripting issue.
[report](https://github.com/dcooney/wordpress-ajax-load-more/issues/183)

= 5.5.2 - March 7, 2022 =

* NEW - Added `alm_ajaxurl` filter that allows for filtering the admin-ajax URL.
* FIX - Fixed issue with Filters add-on pagination links in `