Vulnerability in Ajax Load More
CVE-2015-10140
The Ajax Load More plugin before 2.8.1.2 lacks authorisation checks in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to upload and delete arbitrary files.
EPSS: 0.739 (98.8th percentile)
Affected products
- Unknown Ajax Load More — versions 0
Public proof-of-concept exploits
References
- wpscan.com/vulnerability/9f0c926e-0609-4c89-a724-88e16bcfa82a (technical-description, exploit, vdb-entry)
Frequently asked questions
- What is CVE-2015-10140?
- CVE-2015-10140 is a vulnerability in Ajax Load More, classified under CWE-862 (Missing Authorization). Published 2025-07-22.
- Is CVE-2015-10140 known to be exploited?
- Two public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.