LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

WordPress admins using the LayerSlider plugin on their websites must update their sites with the latest plugin release as soon as possible. The plugin developers patched a critical security vulnerability in LayerSlider that could allow SQL injection attacks from unauthenticated attackers.

LayerSlider Plugin Had A Critical SQL Injection Vulnerability

According to a recent report from Wordfence, a security researcher found a critical vulnerability in the popular WordPress plugin LayerSlider. The researcher discovered an SQL injection flaw that could let an adversary steal data.

Specifically, the vulnerability affected the plugin’s ls_get_popup_markup action. The plugin uses this action to query a slider’s markup for a popup, taking the slider to fetch from the “id” parameter. When that parameter did not contain a number, the plugin passed the value into the query without sanitization, allowing SQL injection. The researchers explain the technical details of the flaw in their report.
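The flaw class described above, an id that is cast only when it happens to be numeric and otherwise reaches the query as-is, next to the hardened form, as an added illustration that is not LayerSlider’s code. It assumes WordPress is loaded (so `$wpdb`, `absint()`, `wp_unslash()` and the `wp_ajax_nopriv_*` hook are available); the table name, column name and function names are example assumptions.

```php
<?php
// Added example, not the plugin's own code. Assumes WordPress is loaded.
// Table/column/function names are assumptions for illustration only.

// Unsafe pattern: sanitization only on the "happy path".
// A numeric id is cast, but any other value is interpolated into the SQL text.
function example_get_popup_markup_unsafe( string $id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_sliders';

    if ( is_numeric( $id ) ) {
        $id = (int) $id;
    }
    // When $id is not numeric, user-controlled text becomes part of the query.
    $sql = "SELECT markup FROM {$table} WHERE id = {$id}";
    return $wpdb->get_var( $sql );
}

// Hardened pattern: validate first (only a run of digits is accepted),
// then bind the value with $wpdb->prepare() so the query text never
// contains user input, whatever branch the code takes.
function example_get_popup_markup_safe( $id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_sliders';

    $id = (string) $id;
    if ( '' === $id || ! ctype_digit( $id ) ) {
        return new WP_Error( 'invalid_id', 'Slider id must be a positive integer.' );
    }
    $id = absint( $id );

    $sql = $wpdb->prepare( "SELECT markup FROM {$table} WHERE id = %d", $id );
    return $wpdb->get_var( $sql );
}

// Hypothetical unauthenticated AJAX handler wiring (hook name is an example).
add_action( 'wp_ajax_nopriv_example_get_popup_markup', function () {
    $id     = isset( $_GET['id'] ) ? wp_unslash( $_GET['id'] ) : '';
    $markup = example_get_popup_markup_safe( $id );
    if ( is_wp_error( $markup ) ) {
        wp_send_json_error( $markup->get_error_message(), 400 );
    }
    wp_send_json_success( $markup );
} );
```

The point of the hardened version is that validation and binding are unconditional: there is no code path on which the raw request value is concatenated into SQL. When reviewing a plugin for this class of bug, look for handlers that cast or sanitize inside an `if` and fall through with the original value otherwise, and for queries built with string interpolation instead of `$wpdb->prepare()`.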

Exploiting the vulnerability requires the adversary to use a time-based blind approach to steal data. Regarding this approach, Wordfence stated,

Since Union-Based SQL injection is not possible due to the structure of the query, an attacker would need to use a time-based blind approach to extract information from the database. This means that they would need to use SQL CASE statements along with the SLEEP() command while observing the response time of each request to steal information from the database. This is an intricate, yet frequently successful method to obtain information from a database when exploiting SQL Injection vulnerabilities.

This vulnerability, CVE-2024-2879, received a critical severity rating with a CVSS score of 9.8. The flaw affected LayerSlider plugin versions 7.9.11 through 7.10.0.

Vulnerability Addressed With Latest Plugin Release

Following the researchers’ report, the developers patched the vulnerability in plugin release 7.10.1. While the plugin’s official website lists the latest release as including security fixes, it does not describe the exact patches. Nonetheless, Wordfence confirmed version 7.10.1 as the fixed release; this is the version that users should upgrade to.

LayerSlider is a popular WordPress plugin that helps developers build attractive websites without much coding. Its usefulness has earned it over 1,000,000 active installations, which also hints at the scale of the security risk this plugin poses if exploited. To prevent the threat, WordPress admins running this plugin should immediately update their sites to the latest release.
