68 matches found
WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection
The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...
VulnCheck KEV: CVE-2024-2879
The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...
CVE-2024-2879
The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...
EUVD-2023-51883
Malicious code in bioql PyPI...
EUVD-2024-44186
Malicious code in bioql PyPI...
EUVD-2023-51884
Malicious code in bioql PyPI...
CVE-2023-47786
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LayerSlider plugin <= 7.7.9 versions...
CVE-2023-47785
Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <= 7.7.9 versions...
CVE-2022-1153
The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various places, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...
WordPress LayerSlider plugin 7.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin LayerSlider versions 7.11.0...
WordPress LayerSlider Plugin 7.11.0 is vulnerable to Cross Site Scripting (XSS)
Software: LayerSlider; Type: Plugin; Vulnerable versions: 7.11.0; Fixed in: 7.11.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4575; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 784644494489; Credits: N/A; Required privilege; Published: 24 May, 20...
CVE-2024-4575
The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ls_search_form shortcode in version 7.11.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2024-4575 LayerSlider 7.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ls_search_form Shortcode
The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ls_search_form shortcode in version 7.11.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2024-4575 LayerSlider 7.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ls_search_form Shortcode
The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ls_search_form shortcode in version 7.11.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2024-4575
CVE-2024-4575 is a LayerSlider for WordPress vulnerability: LayerSlider 7.11.0 is affected by a Stored Cross-Site Scripting through the ls_search_form shortcode due to insufficient input sanitization and output escaping. Exploitation requires authentication at contributor level or higher, enablin...
PT-2024-31746 · WordPress · Layerslider
Name of the Vulnerable Software and Affected Versions: LayerSlider plugin for WordPress version 7.11.0. Description: The issue is related to Stored Cross-Site Scripting via the plugin's ls_search_form shortcode due to insufficient input sanitization and output escaping on user-supplied attributes...
WordPress LayerSlider Plugin: SQL Injection Vulnerability
On March 25th, 2024, a critical security vulnerability was discovered in the LayerSlider plugin for WordPress, marked as CVE-2024-2879. The plugin has more than 10 lakh active installations. This flaw, rated with a CVSS score of 7.5 out of 10.0, is identified as an SQL injection vulnerability...
LayerSlider Plugin for WordPress 7.9.11 < 7.10.1 SQL Injection
The WordPress LayerSlider Plugin installed on the remote host is affected by an SQL Injection. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
LayerSlider WordPress Plugin Flaw Impacts Over 1 Million Sites
...
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL...