Critical Vulnerability in WordPress LayerSlider Plugin

Published on 04 Apr 2024

LayerSlider has released updates to address a critical vulnerability (CVE-2024-2879) affecting their LayerSlider plugin for WordPress. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

The LayerSlider plugin is a visual web content editor, a graphic design software, and a digital visual effects application that allows users to create animations and rich content for their websites.

Successful exploitation of the SQL injection vulnerability could allow unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information such as password hashes from the database.

The vulnerability affects LayerSlider versions from 7.9.11 through 7.10.0 inclusive.

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:

https://layerslider.com/release-log/

https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html

https://www.wordfence.com/blog/2024/04/5500-bounty-awarded-for-unauthenticated-sql-injection-vulnerability-patched-in-layerslider-wordpress-plugin/