Million+ Websites at Risk: Urgent Update for LayerSlider Plugin Flaw CVE-2024-2879

April 3, 2024
Million+ Websites at Risk: Urgent Update for LayerSlider Plugin Flaw CVE-2024-2879
  • A high-severity SQL injection vulnerability, labeled CVE-2024-2879, has been identified in the LayerSlider WordPress plugin.

  • The vulnerability is critical, with a CVSS score of 9.8, and affects over one million websites.

  • Attackers can exploit the flaw to access sensitive site data, such as password hashes.

  • The affected versions of the plugin range from 7.9.11 to 7.10.0.

  • Security researcher AmrAwad discovered the issue, which was then promptly fixed by the Kreatura Team.

  • The incident highlights the broader security challenges posed by WordPress plugins.

  • Site owners must prioritize security by updating plugins, with an immediate recommendation to upgrade LayerSlider to version 7.10.1.

Summary based on 7 sources


Get a daily email with more Tech stories

Sources

WordPress Security

DEV Community • Apr 2, 2024

WordPress Security




More Stories