Critical vulnerability discovered in LayerSlider plugin installed on a million WordPress sites


WordPress security firm Defiant warns that sensitive data could be extracted from website databases by exploiting a critical SQL injection vulnerability in the LayerSlider plugin.

LayerSlider, a WordPress slider plugin with over one million active installations, combines visual web content editing, digital visual effects, and graphic design functionality into a single solution. The critical vulnerability, CVE-2024-2879 (CVSS score of 9.8), exists because the plugin’s slider popup markup query functionality was implemented insecurely, allowing attackers to inject malicious SQL queries.

Wordfence also explains that an attacker would have to use a time-based blind approach to obtain the sensitive information.
