Security News > 2024 > April > Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
2024-04-03 05:11
A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL injection impacting versions from 7.9.11 through 7.10.0. The issue has been addressed in version
News URL
https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html
Related news
- Unpatched critical flaws impact Fancy Product Designer WordPress plugin (source)
- The ongoing evolution of the CIS Critical Security Controls (source)
- Critical zero-days impact premium WordPress real estate plugins (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Don't Overlook These 6 Critical Okta Security Configurations (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-03 | CVE-2024-2879 | SQL Injection vulnerability in Layerslider 7.10.0/7.9.11 The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |