CVE-2024-2879 - LayerSlider 7.9.11 - 7.10.0 - Unauthenticated SQL Injection
CVE-2024-2879 CVE-2024-2879 - LayerSlider 7911 - 7100 - Unauthenticated SQL Injection
The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated malicious users to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
layerslider layerslider 7.10.0 |
||
layerslider layerslider 7.9.11 |
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites By Bill Toulas April 3, 2024 02:21 PM 1 A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin. LayerSlider is a versatile tool for creating responsive sliders, image galleries, and animations on WordPress sites, allowing users to build visually appealing elements with dynamic content o...