Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-2879
HistoryApr 03, 2024 - 4:15 a.m.

CVE-2024-2879

2024-04-0304:15:11
CWE-89
[email protected]
web.nvd.nist.gov
5
layerslider
wordpress
sql injection
vulnerability
unauthenticated attackers
sensitive information extraction
cve-2024-2879

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

74.2%

JSON

The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Affected configurations

Nvd
Node
layersliderlayersliderMatch7.9.11wordpress
OR
layersliderlayersliderMatch7.10.0wordpress
VendorProductVersionCPE
layersliderlayerslider7.9.11cpe:2.3:a:layerslider:layerslider:7.9.11:*:*:*:*:wordpress:*:*
layersliderlayerslider7.10.0cpe:2.3:a:layerslider:layerslider:7.10.0:*:*:*:*:wordpress:*:*

Related

cve 1
wordfence 2
vulnrichment 1
githubexploit 1
cvelist 1
qualysblog 1
wpvulndb 1
nuclei 1
thn 1
cve
cve
CVE-2024-2879
2024-04-03 04:15:11
wordfence
wordfence
$5,500 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in LayerSlider WordPress Plugin
2024-04-02 15:15:24
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)
2024-04-11 17:23:36
vulnrichment
vulnrichment
CVE-2024-2879
2024-04-03 03:24:41
githubexploit
githubexploit
Exploit for SQL Injection in Layerslider
2024-04-08 18:50:02
cvelist
cvelist
CVE-2024-2879
2024-04-03 03:24:41
qualysblog
qualysblog
WordPress LayerSlider Plugin: SQL Injection Vulnerability
2024-04-22 14:00:00
wpvulndb
wpvulndb
LayerSlider 7.9.11 - 7.10.0 - Unauthenticated SQL Injection
2024-04-02 00:00:00
nuclei
nuclei
WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection
2024-04-05 11:06:40
thn
thn
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
2024-04-03 05:11:00

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

74.2%

JSON
Related for NVD:CVE-2024-2879
cve1wordfence2vulnrichment1githubexploit1cvelist1qualysblog1wpvulndb1nuclei1thn1