April 3, 2024 at 02:28PM
LayerSlider, a popular WordPress plugin with over one million users, has been found to be vulnerable to unauthenticated SQL injection, allowing attackers to extract sensitive data from websites. Researcher AmrAwad received a $5,500 bounty for reporting this critical flaw, which has been addressed by the release of version 7.10.1, requiring immediate action from site admins.
Key Points from Meeting Notes:
1. LayerSlider, a popular WordPress plugin, was found to be vulnerable to unauthenticated SQL injection, posing a severe security risk to over a million websites using versions 7.9.11 through 7.10.0. This flaw, discovered by researcher AmrAwad, had a CVSS score of 9.8.
2. The vulnerability, tracked as CVE-2024-2879, allowed attackers to extract sensitive data from the site’s database, potentially leading to complete takeover or data breaches.
3. The issue stemmed from the plugin’s ‘ls_get_popup_markup’ function, which failed to properly sanitize the ‘id’ parameter, enabling attackers to inject malicious SQL code into queries.
4. Although the attack was limited to time-based blind SQL injection, it still posed a significant threat by allowing unauthorized access to sensitive information without any authentication requirement. This was exacerbated by the fact that the queries were not prepared using WordPress’s ‘$wpdb->prepare()’ function.
5. Upon notification, the creators of LayerSlider, Kreatura Team, promptly released a security update (version 7.10.1) within 48 hours to address the critical vulnerability.
6. All users of LayerSlider are strongly advised to upgrade to version 7.10.1 to safeguard their websites.
7. Additionally, WordPress site admins are reminded to keep their plugins updated, disable unnecessary plugins, use strong passwords, and deactivate dormant accounts to enhance overall security.
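The defect class behind points 3 and 4 is a request parameter interpolated into SQL instead of being bound with $wpdb->prepare(). The following is an added illustration written for this summary, not LayerSlider's actual code: the function names, the table name ls_popups and the markup column are constructed, and the WordPress $wpdb global is assumed.

```php
<?php
// Hypothetical illustration of the unprepared-query pattern, not the plugin's
// real code. Assumes the WordPress $wpdb global and a constructed table
// {$wpdb->prefix}ls_popups with a 'markup' column.

// Weak pattern: the 'id' request parameter is interpolated straight into the
// query text, so non-numeric input changes the SQL structure. This is the
// condition the summary describes (no $wpdb->prepare()).
function ls_popup_markup_unsafe() {
    global $wpdb;
    $id    = isset( $_GET['id'] ) ? $_GET['id'] : '';
    $table = $wpdb->prefix . 'ls_popups';
    $row   = $wpdb->get_row( "SELECT markup FROM {$table} WHERE id = {$id}" );
    return $row ? $row->markup : '';
}

// Hardened pattern: coerce the parameter to a non-negative integer, reject the
// empty/zero case, and bind the value with $wpdb->prepare() so user input is
// only ever treated as data, never as query text.
function ls_popup_markup_safe() {
    global $wpdb;
    if ( ! isset( $_GET['id'] ) ) {
        return '';
    }
    $id = absint( wp_unslash( $_GET['id'] ) ); // non-integer input becomes 0
    if ( 0 === $id ) {
        return '';
    }
    $table = $wpdb->prefix . 'ls_popups'; // derived from $wpdb, not from input
    $row   = $wpdb->get_row(
        $wpdb->prepare( "SELECT markup FROM {$table} WHERE id = %d", $id )
    );
    return $row ? $row->markup : '';
}
```

Binding the value with %d also stops time-based blind probing of the kind described in point 4, because no input can append a second expression to the WHERE clause.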