Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
2024-04-03 05:11
A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL injection impacting versions from 7.9.11 through 7.10.0. The issue has been addressed in version
News URL
https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-03 | CVE-2024-2879 | SQL Injection vulnerability in Layerslider 7.10.0/7.9.11. The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |