Major LayerSlider WordPress plugin Exposes Millions of Sites to Data Theft ( CVE-2024-2879)

Bar Refael

April 3, 2024

A critical vulnerability has been discovered in the widely used LayerSlider WordPress plugin, posing a significant risk of data theft for over a million websites. Identified as CVE-2024-2879, this SQL injection flaw allows attackers to bypass security measures and access sensitive data from WordPress databases without authentication.

Vulnerability Details:

  • CVE ID: CVE-2024-2879
  • CVSS Score: 9.8 (Critical)
  • Affected Software: LayerSlider WordPress plugin
  • Vulnerability Type: SQL Injection
  • Impact: Data theft, including user credentials and customer information

Incident Overview:

Security researcher Amr Awad, during Wordfence’s Bug Bounty Extravaganza, discovered that the LayerSlider plugin’s ls_get_popup_markup() function improperly sanitized input, specifically the ‘id’ parameter. This flaw enables attackers to perform a time-based blind SQL injection, a sophisticated method that quietly extracts data from the database.

Affected Population:

The LayerSlider plugin, with over a million active installations, is extensively used across WordPress sites, including commercial platforms that handle customer data. The flaw affects those on versions prior to the recently patched 7.10.1.

Mitigation Recommendations:

  • Immediate Update: Users should upgrade to LayerSlider version 7.10.1 or later, which contains fixes for the vulnerability.
  • Regular Maintenance: Keep all components of WordPress sites, including core software, plugins, and themes, up to date.
  • Enhance Security Posture: Implement a Web Application Firewall (WAF) to detect and prevent SQL injection and other web-based attacks.

Conclusion:

The discovery of CVE-2024-2879 underscores the critical importance of maintaining up-to-date software to safeguard against potential data breaches. WordPress site administrators are advised to act promptly to update the affected plugin and review security practices to protect sensitive information.

Stay Secure. Stay Informed.

OP Innovate Research Team.

Under Cyber Attack?

Fill out the form and we will contact you immediately.

Get OP Innovate CTI Alerts

Leave your email and get critical updates and alerts straight to your inbox