LayerSlider bug potentially affects a million WordPress websites

LayerSlider, a popular WordPress plugin that boasts over a million installs, is vulnerable to unauthenticated SQL injection, which could let attackers extract sensitive data, including password hashes, from the database.

The vulnerability — CVE-2024-2879 with a CVSS score of 9.8 — affects Layerslider versions 7.9.11 through 7.10.0. It allows attackers to inject malicious SQL queries and steal sensitive information from the database, which can also be used to take over a website completely.

LayerSlider developer Kreatura told Candid.Technology that they estimate there are fewer than 30,000 affected websites.

LayerSlider patched the flaw in version 7.10.1, released on March 27. Anyone using the plugin is advised to update to the latest version.

“Thankfully, this issue only affected two releases with a relatively small portion of the overall user base. We are unaware of any active exploits, but it’s critical for LayerSlider 7.9.11 – 7.10.0 users to update as soon as possible,” Kreatura told Candid.Technology.

Layerslider describes itself as an amalgamation of a visual web content editor, graphic design software, and digital visual effects app. The plugin can create dynamic visual content for websites, including animations, slides, galleries, and more.

“Given the severity of this case, we immediately started working on a patch once we read the report. We fixed the vulnerability and released an update within a few hours. We also sent out an in-app notification for the affected version users, urging them to update as soon as possible,” Kreatura added. “Usage statistics tend to lag, and assessing them can be tricky due to how LayerSlider is distributed in several WordPress themes, but we currently estimate the affected count of websites to be less than 30,000.”

A screengrab of Layerslider’s website

The SQL injection flaw was reported on March 25 by AmrAwad, who was awarded a $5500 bug bounty by Wordfence, a WordPress security plugin, which then contacted Kreatura.

While the vulnerability is rated critical, Layerslider’s changelog for the patched version says, “This update includes important security fixes”. However, the team deserves praise for fixing the issue within 48 hours.

According to Wordfence, the “ls_get_popup_markup” action makes the LayerSlider plugin vulnerable to SQL injection “due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query”. This lets an attacker append SQL queries to the end of the existing ones and use them to extract information.
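To illustrate the difference between escaping and preparation that Wordfence describes, here is an added example (not LayerSlider's or Wordfence's code). It uses Python's sqlite3 as a stand-in for the WordPress database; the table, columns, function names and sample rows are all hypothetical.

```python
import sqlite3

def make_db():
    """In-memory stand-in database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sliders (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO sliders VALUES (?, ?, ?)",
                   [(1, "home", 0), (2, "promo", 0), (3, "draft", 1)])
    return db

def escape_quotes(value):
    # Escaping only neutralises quote characters. It does nothing for a
    # value that is placed into the query outside of a quoted string.
    return value.replace("'", "''")

def find_unprepared(db, raw_id):
    # Weak pattern: the "escaped" input is still concatenated into the SQL
    # text, so the database parses it as syntax rather than as a value.
    sql = "SELECT name FROM sliders WHERE hidden = 0 AND id = " + escape_quotes(raw_id)
    return sorted(row[0] for row in db.execute(sql))

def find_prepared(db, raw_id):
    # Hardened pattern: validate the expected type, then bind the value
    # as a parameter so it can never alter the structure of the query.
    try:
        slider_id = int(raw_id)
    except ValueError:
        return []
    sql = "SELECT name FROM sliders WHERE hidden = 0 AND id = ?"
    return sorted(row[0] for row in db.execute(sql, (slider_id,)))

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal id, and one that changes the WHERE clause.
    for raw in ("2", "0 OR 1=1"):
        print(repr(raw), find_unprepared(db, raw), find_prepared(db, raw))
```

The second input contains no quote characters, so the escaping step leaves it untouched and the concatenated query returns every row, including the hidden one; the parameterized version rejects it.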

Prayank

Writes news mostly and edits almost everything at Candid.Technology. He loves taking trips on his bikes or chugging beers as Manchester United battle rivals. Contact Prayank via email: prayank@pm.me