Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites

April 3, 2024 at 09:18AM

A critical SQL injection vulnerability in the LayerSlider plugin, tracked as CVE-2024-2879 with a CVSS score of 9.8, allows unauthenticated attackers to extract sensitive information from website databases. The issue was reported through Defiant’s bug bounty program, and a $5,500 reward was given to the reporting researcher. Users are advised to update to version 7.10.1 immediately.

Key Takeaways from the Meeting Notes:

1. Critical SQL Injection Vulnerability: The LayerSlider plugin has a critical SQL injection vulnerability (tracked as CVE-2024-2879) with a CVSS score of 9.8. This vulnerability allows unauthenticated attackers to extract sensitive information like password hashes from website databases.

2. Vulnerability Details: The vulnerability exists due to insecure implementation of the plugin’s slider popup markup query functionality, which allows attackers to inject malicious SQL queries. The flaw was reported through Defiant’s bug bounty program, and the reporting researcher received a $5,500 reward for the finding.

3. Impact and Patching: The vulnerability impacts versions 7.9.11 and 7.10.0 of the plugin. To address the issue, LayerSlider released version 7.10.1 on March 27. Users are urged to update their installations promptly to protect their websites.

4. Information Disclosure and Remedy: Attackers can exploit the vulnerability to extract sensitive data from databases. It was noted that an attacker would need to take a time-based blind approach to obtain the sensitive information. Wordfence advises updating the plugin as soon as possible.
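As an added illustration (not from the article, Wordfence or the LayerSlider project), the following Python script shows what a defender can look for in web-server logs when a time-based blind injection like this one is being exploited: the delay primitives such an attack depends on, and the abnormally slow responses it produces. The log format, endpoint path and client addresses are constructed for the example and are not real indicators.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (not from the article or any real site). Format:
#   client [timestamp] "request" status bytes duration_ms
SAMPLE_LOG = """\
203.0.113.10 [27/Mar/2024:10:01:02] "GET /?page_id=7 HTTP/1.1" 200 5120 38
203.0.113.11 [27/Mar/2024:10:01:09] "GET /example-endpoint?id=12 HTTP/1.1" 200 220 41
203.0.113.12 [27/Mar/2024:10:01:15] "GET /example-endpoint?id=12%27+AND+SLEEP%285%29--+ HTTP/1.1" 200 220 5044
203.0.113.12 [27/Mar/2024:10:01:21] "GET /example-endpoint?id=12+AND+BENCHMARK%285000000%2CMD5%281%29%29 HTTP/1.1" 200 220 5102
203.0.113.13 [27/Mar/2024:10:01:30] "GET /example-endpoint?id=13 HTTP/1.1" 200 220 37
"""

LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+) (\d+)$')

# Delay primitives that a time-based blind injection relies on: MySQL/MariaDB
# (what WordPress uses) plus the common equivalents on other engines.
DELAY_RE = re.compile(r'\b(?:SLEEP|BENCHMARK|PG_SLEEP)\s*\(|WAITFOR\s+DELAY', re.IGNORECASE)


def parse(line):
    """Parse one constructed-format log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, ts, method, target, status, size, dur = m.groups()
    path, _, query = target.partition("?")
    # Decode percent-encoding and '+' so signatures hidden by URL encoding are visible.
    return {"client": client, "ts": ts, "method": method, "path": path,
            "query": unquote_plus(query), "status": int(status), "duration_ms": int(dur)}


def find_time_based_sqli(log_text, slow_ms=3000):
    """Return (client, reason, decoded query) for each suspicious request.

    Two signals are checked: a delay primitive in the decoded query string, and a
    response slower than slow_ms, which is how a successful delay shows up even
    when the payload is obfuscated beyond what the signature catches.
    """
    hits = []
    for row in (parse(line) for line in log_text.splitlines()):
        if row is None:
            continue
        if DELAY_RE.search(row["query"]):
            hits.append((row["client"], "delay-primitive", row["query"]))
        elif row["duration_ms"] >= slow_ms:
            hits.append((row["client"], "slow-response", row["query"]))
    return hits


if __name__ == "__main__":
    for client, reason, query in find_time_based_sqli(SAMPLE_LOG):
        print(f"{client}\t{reason}\t{query}")
```

Both sample payloads are caught by the signature check; the slow-response branch exists for requests whose delay function is encoded or split in a way the regex misses, so a tuned `slow_ms` threshold per endpoint is worth keeping alongside the signatures.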
