Advisory

LayerSlider WordPress Plugin patches a critical flaw

Take action: If you are using LayerSlider for WordPress, update it ASAP. It's exposed to the internet by design, so mitigation measures don't work.



The LayerSlider plugin for WordPress was found to have a critical security vulnerability tracked as CVE-2024-2879 (CVSS score 9.8). LayerSlider, widely used worldwide, enables users to create animated and rich content for their websites.

The vulnerability was reported through a responsible disclosure on March 25.

This vulnerability is a type of SQL injection that could allow unauthenticated attackers to execute additional SQL queries. The core of the flaw is insufficiently sanitized user-supplied parameters, which could lead to the extraction of sensitive information, including password hashes, from databases.

Versions affected by this issue were 7.9.11 through 7.10.0, and it has been resolved in version 7.10.1 as of March 27, 2024.
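To triage an installation against the range above, the check below is an added example, not code from the advisory or the plugin vendor. It assumes the plugin's main file carries the standard WordPress `Version:` header; the sample header is constructed, and the function names are hypothetical.

```python
import re

# Affected range and fixed release as stated in the advisory.
FIRST_AFFECTED = (7, 9, 11)
LAST_AFFECTED = (7, 10, 0)
FIXED = (7, 10, 1)

# WordPress plugins declare their version in a "Version:" line of the
# header comment in the main plugin file.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_version(text):
    """Turn '7.10.0' into (7, 10, 0); pad short versions with zeros."""
    parts = re.findall(r"\d+", text.split("-")[0])
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def header_version(plugin_source):
    """Extract the Version header from plugin file contents, or None."""
    m = HEADER_RE.search(plugin_source)
    return m.group(1) if m else None


def status(version_text):
    """Classify a version string against the advisory's range."""
    v = parse_version(version_text)
    if FIRST_AFFECTED <= v <= LAST_AFFECTED:
        return "affected"
    return "patched" if v >= FIXED else "not in affected range"


# Constructed sample header (not copied from the real plugin).
SAMPLE = """<?php
/*
Plugin Name: LayerSlider
Version: 7.10.0
*/
"""

if __name__ == "__main__":
    found = header_version(SAMPLE)
    print(found, status(found))
```

Versions are compared as integer tuples because a plain string comparison orders "7.10.0" before "7.9.11" and would misclassify the last affected release.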
