A researcher recently discovered a critical vulnerability in LayerSlider, a premium WordPress plugin used by over 1 million websites.
The flaw exposes impacted websites to unauthenticated SQL injection attacks, letting potential attackers retrieve significant data.
LayerSlider, the vulnerable plugin, is a popular tool that lets website owners create image galleries, animations, and responsive sliders.
Tracked as CVE-2024-2879, the SQL injection vulnerability, which has a CVSS score of 9.8 and is flagged as critical, affects plugin versions 7.9.11 through 7.10.0. It was discovered by researcher AmrAwad on March 25, 2024, and submitted to the bug bounty program of WordPress security firm Wordfence.
As the flaw description reads, the weak spot is the plugin’s ls_get_popup_markup action, “due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.”
This shortcoming could let attackers append additional SQL queries into existing ones, weaponizing them to steal data, including sensitive user information and password hashes.
To make matters worse, threat actors could perform these attacks without authenticating on vulnerable websites.
Following a SQL injection attack, the extracted data could let attackers breach confidential information and seize complete control of the affected website.
Full takeovers of affected websites could seriously affect visitors, who would likely be unaware that a malicious entity has taken control.
In this scenario, attackers could further exploit the situation by pushing malware-laced content on unsuspecting visitors, stealthily harvesting their data, leading them to phishing forms, or redirecting them to other malicious destinations.
According to Wordfence’s report, the “prepare() function would parameterize and escape the SQL query for safe execution in WordPress, thereby providing protection against SQL injection attacks.”
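To make the two sentences above concrete (the missing escaping and preparation in the affected action, and the prepare() mechanism Wordfence describes as the fix), here is an added illustration of the defect class in a hypothetical WordPress AJAX handler next to its hardened form. This is not LayerSlider's code and not Wordfence's: the action name `example_popup_markup`, the table `{$wpdb->prefix}example_popups` and the `id` parameter are all assumed for the illustration; `$wpdb->prepare()`, `get_row()`, `absint()`, `wp_unslash()`, `wp_send_json_success()` and the `wp_ajax_` / `wp_ajax_nopriv_` hooks are standard WordPress APIs.

```php
<?php
// Added illustration, not LayerSlider's code. Hypothetical names: the
// 'example_popup_markup' action, the example_popups table and the 'id' param.

// --- Vulnerable pattern (the defect class the advisory describes) -------------
// The request parameter is concatenated straight into the SQL text, so any
// quote or SQL syntax it carries becomes part of the statement. Because the
// handler is also hooked on the nopriv path, no login is needed to reach it.
function example_popup_markup_unsafe() {
    global $wpdb;
    $id  = isset( $_GET['id'] ) ? $_GET['id'] : '';
    $row = $wpdb->get_row(
        "SELECT data FROM {$wpdb->prefix}example_popups WHERE id = '" . $id . "'"
    );
    wp_send_json_success( $row ? $row->data : null );
}

// --- Hardened pattern ---------------------------------------------------------
function example_popup_markup_safe() {
    global $wpdb;

    // 1. Coerce the input to the type the column actually holds. A numeric id
    //    cannot legitimately contain quotes, comments or keywords.
    $id = isset( $_GET['id'] ) ? absint( wp_unslash( $_GET['id'] ) ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'missing or invalid id', 400 );
    }

    // 2. Bind the value through $wpdb->prepare(). %d is a typed integer
    //    placeholder; a %s placeholder would be quoted and escaped by $wpdb.
    //    The table name comes from $wpdb->prefix, not from the request, so it
    //    may stay in the format string.
    $sql = $wpdb->prepare(
        "SELECT data FROM {$wpdb->prefix}example_popups WHERE id = %d",
        $id
    );
    $row = $wpdb->get_row( $sql );
    wp_send_json_success( $row ? $row->data : null );
}

// Register the hardened handler for logged-in and anonymous callers alike.
// The nopriv hook is the unauthenticated entry point, so it must get the same
// input handling as the authenticated one.
add_action( 'wp_ajax_example_popup_markup',        'example_popup_markup_safe' );
add_action( 'wp_ajax_nopriv_example_popup_markup', 'example_popup_markup_safe' );
```

A practical review check for plugins: every `$wpdb->query()`, `get_var()`, `get_row()`, `get_col()` and `get_results()` call whose SQL string interpolates or concatenates a value derived from `$_GET`, `$_POST`, `$_REQUEST` or a shortcode attribute, without passing through `$wpdb->prepare()` first, is the pattern described in this advisory and should be treated as a finding regardless of whether the handler requires authentication.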
After being promptly notified of the issue, the plugin’s developer, Kreatura Team, released a security update in less than 48 hours.
The shortcoming has been patched in version 7.10.1 of the LayerSlider plugin; users are advised to update to the latest version to avoid SQL injection attacks targeting vulnerable versions of the plugin.
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.