Lucene search
K

5 matches found

Qualys Blog
Qualys Blog
added 2024/04/22 2:0 p.m.26 views

WordPress LayerSlider Plugin: SQL Injection Vulnerability

On March 25th, 2024, a critical security vulnerability was discovered in the LayerSlider plugin for WordPress, marked as CVE-2024-2879. The plugins have more than 10 lakh active installations. This flaw, rated with a CVSS score of 7.5 out of 10.0, is identified as an SQL injection vulnerability...

5CVSS8.2AI score0.18402EPSS
Exploits1
The Hacker News
The Hacker News
added 2024/04/03 5:11 a.m.104 views

Critical Security Flaw Found in Popular LayerSlider WordPress Plugin

A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL...

9.8CVSS10AI score0.18402EPSS
Exploits1
NVD
NVD
added 2024/04/03 4:15 a.m.33 views

CVE-2024-2879

The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the lsgetpopupmarkup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

9.8CVSS9.7AI score0.18402EPSS
Exploits1References2
CVE
CVE
added 2024/04/03 3:24 a.m.158 views

CVE-2024-2879

The WordPress LayerSlider plugin (versions 7.9.11–7.10.0) is vulnerable to SQL injection via the ls_get_popup_markup action. The root cause is insufficient escaping of user-supplied parameters and inadequate preparation of the SQL query, allowing unauthenticated attackers to append additional SQL...

9.8CVSS8.1AI score0.18402EPSS
In wildExploits1References2Affected Software1
Patchstack
Patchstack
added 2024/04/02 12:0 a.m.17 views

WordPress LayerSlider Plugin 7.9.11 - 7.10.0 is vulnerable to SQL Injection

Software LayerSlider Type Plugin Vulnerable versions 7.9.11 - 7.10.0 Fixed in 7.10.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-2879 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f3cdf1aebfe3 Credits AmrAwad Required privilege Unauthenticated...

9.8CVSS6.8AI score0.18402EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder