Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
2024-04-03 05:11
A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL injection impacting versions from 7.9.11 through 7.10.0. The issue has been addressed in version
News URL
https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-03 | CVE-2024-2879 | SQL Injection vulnerability in Layerslider 7.10.0/7.9.11: The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |