Critical flaw in LayerSlider WordPress plugin impacts 1 million sites
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
LayerSlider is a versatile tool for creating responsive sliders, image galleries, and animations on WordPress sites, allowing users to build visually appealing elements with dynamic content on online platforms.
The flaw, which impacts versions 7.9.11 through 7.10.0 of the plugin, could allow attackers to extract sensitive data, such as password hashes, from a site's database, putting affected sites at risk of complete takeover or data breaches.