Security News > 2024 > April > Critical Security Flaw Found in Popular LayerSlider WordPress Plugin

Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
2024-04-03 05:11

A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL injection impacting versions from 7.9.11 through 7.10.0. The issue has been addressed in version


News URL

https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-04-03 CVE-2024-2879 SQL Injection vulnerability in Layerslider 7.10.0/7.9.11
The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
layerslider CWE-89
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157
Plugin 2 0 13 1 0 14