A critical security flaw has been discovered in the LayerSlider plugin for WordPress that allows attackers to extract sensitive information from a site's database. The vulnerability, tracked as CVE-2024-2879, has a high CVSS score of 9.8. It is an SQL injection flaw and affects versions 7.9.11 through 7.10.0.
The maintainers of LayerSlider have released version 7.10.1 to address this issue, emphasizing the importance of updating to ensure security. LayerSlider is a popular tool used by millions of users worldwide for creating animations and rich content on websites.
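As an added example (not code from the article, Wordfence or the LayerSlider project), the following check reads a plugin file's header and reports whether the installed version falls in the affected range of 7.9.11 through 7.10.0. It assumes the standard WordPress `Plugin Name` and `Version` header fields and that the plugin name contains "LayerSlider"; the sample header is constructed.

```python
import re

# Affected range as stated in the article; 7.10.1 is the fixed release.
AFFECTED_MIN = (7, 9, 11)
AFFECTED_MAX = (7, 10, 0)

# WordPress plugin headers are "Key: value" lines inside the leading comment.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def parse_plugin_header(php_source):
    """Return the first Plugin Name / Version values found in the file header."""
    fields = {}
    # WordPress itself only reads the first 8 KB when looking for headers.
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(version):
    """'7.10.0' -> (7, 10, 0). Numeric compare: as strings, '7.9.11' > '7.10.0'."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = [int(p) for p in parts][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(php_source):
    """Classify one plugin file against the CVE-2024-2879 affected range."""
    fields = parse_plugin_header(php_source)
    if "layerslider" not in fields.get("plugin name", "").lower():
        return "not-layerslider"
    try:
        installed = version_tuple(fields["version"])
    except (KeyError, ValueError):
        return "unknown-version"  # needs manual review, do not assume safe
    if AFFECTED_MIN <= installed <= AFFECTED_MAX:
        return "affected"
    return "outside-affected-range"

def sample_header(version, name="LayerSlider"):
    """Constructed plugin header for demonstration; not the real plugin file."""
    return f"<?php\n/*\n * Plugin Name: {name}\n * Version: {version}\n */\n"

if __name__ == "__main__":
    for v in ("7.9.10", "7.9.11", "7.10.0", "7.10.1"):
        print(v, classify(sample_header(v)))
```
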
According to Wordfence, the vulnerability is due to a lack of proper handling of user input, allowing unauthenticated attackers to insert additional SQL queries and access sensitive data. This highlights the importance of implementing secure coding practices in web development.
In addition to this security issue, other vulnerabilities have been reported in WordPress plugins such as WP-Members Membership Plugin, Tutor LMS, and Contact Form Entries. It is essential for website owners to stay informed about these vulnerabilities and promptly apply patches to protect their sites from potential cyber attacks.