Million+ Websites at Risk: Urgent Update for LayerSlider Plugin Flaw CVE-2024-2879
April 3, 2024
A high-severity SQL injection vulnerability, labeled CVE-2024-2879, has been identified in the LayerSlider WordPress plugin.
The vulnerability is critical, with a CVSS score of 9.8, and affects over one million websites.
Attackers can exploit the flaw to access sensitive site data, such as password hashes.
The affected versions of the plugin range from 7.9.11 to 7.10.0.
Security researcher AmrAwad discovered the issue, which was then promptly fixed by the Kreatura Team.
The incident highlights the broader security challenges posed by WordPress plugins.
Site owners must prioritize security by updating plugins, with an immediate recommendation to upgrade LayerSlider to version 7.10.1.
Summary based on 7 sources
Sources
DEV Community • Apr 2, 2024
WordPress Security

TechRadar pro • Apr 3, 2024
Another top WordPress plugin has a serious security flaw — patch now to keep your website safe

BleepingComputer • Apr 3, 2024
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites

The Hacker News • Apr 3, 2024
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin