Published: 03/04/2024 Updated: 08/04/2024

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated malicious users to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Vulnerable Product	Search on Vulmon	Subscribe to Product
layerslider layerslider 7.10.0
layerslider layerslider 7.9.11

CVE-2024-2879 - LayerSlider 7.9.11 - 7.10.0 - Unauthenticated SQL Injection

CVE-2024-2879 CVE-2024-2879 - LayerSlider 7911 - 7100 - Unauthenticated SQL Injection

About POC CVE-2024-22328 Exploit

Vulnerability in IBM Maximo Application Suite - CVE-2024-22328 Description 🚨 This exploit provides a unique opportunity to penetrate the IBM Maximo Application Suite system by using a specially crafted URL request with a "dot-dot" sequence (//) This allows bypassing all security mechanisms and gaining full access to the file system Now you can freely manage im

Critical flaw in LayerSlider WordPress plugin impacts 1 million sites

BleepingComputer • Bill Toulas • 03 Apr 2024

Critical flaw in LayerSlider WordPress plugin impacts 1 million sites By Bill Toulas April 3, 2024 02:21 PM 1 A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin. LayerSlider is a versatile tool for creating responsive sliders, image galleries, and animations on WordPress sites, allowing users to build visually appealing elements with dynamic content o...

CVE-2024-2879

Vulnerability Summary

Vulnerability Trend

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect