Million+ Websites at Risk: Urgent Update for LayerSlider Plugin Flaw CVE-2024-2879

April 4, 2024
  • A high-severity SQL injection vulnerability, tracked as CVE-2024-2879, has been identified in the LayerSlider WordPress plugin.

  • The vulnerability is critical, with a CVSS score of 9.8, and affects over one million websites.

  • Attackers can exploit the flaw to access sensitive site data, such as password hashes.

  • The affected versions of the plugin range from 7.9.11 to 7.10.0.

  • Security researcher AmrAwad discovered the issue, which was then promptly fixed by the Kreatura Team.

  • The incident highlights the broader security challenges posed by WordPress plugins.

  • Site owners must prioritize security by updating plugins, with an immediate recommendation to upgrade LayerSlider to version 7.10.1.

Summary based on 7 sources

