Recent media reports have revealed a crucial LayerSlider plugin flaw. According to these reports, this flaw has exposed numerous WordPress sites to SQL attacks and infections. If exploited, the flaw allows users to add SQL queries, which, in turn, gives them access to sensitive information.

In this article, we’ll dive into the details of the LayerSlider plugin flaw, how it can be exploited, and what preventive measures can be taken to safeguard data. 

The LayerSlider Plugin Flaw Uncovered

According to media reports, this WordPress plugin vulnerability was discovered by a security researcher called AmrAwad. As of now, the flaw is being tracked as CVE-2024-2879 and currently has a CVSS score of 9.8 out of 10. It’s worth noting that such a high score signifies how critical this LayerSlider plugin flaw is and the consequences it entails.

The researcher who discovered the WordPress plugin vulnerability has been awarded a bounty of $5,500. It’s worth mentioning here that the plugin currently has over 1 million active installations. Reports claim that the LayerSlider plugin flaw is vulnerable to SQL injection attacks via the “is_get_popup_markup” action that is evident in versions 7.9.11 and 7.10.0. 

Providing further insights into the plugin that can be used to carry out SQL injection attacks, Wordfence has stated that it prevails “due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.”

Technical Analysis Of The WordPress Plugin Vulnerability

Experts who have examined the code state that it uses the “is_get_popup_markup()” function for querying slider markups. In this function, the id can be specified using the “Id” parameters. 

If the said parameter is not a number, it’s passed down to the “find()” function, which then queries the slider to construct a statement without the “prepare()” function. It’s important to note that this function is used to parameterize the SQL query, ensuring safe execution.

However, the LayerSlider plugin flaw, if exploited, can lead to an execution that does not require the function, which leads to vulnerable scenarios. In such cases, threat actors can carry out their malicious intentions and acquire sensitive information. 

Experts believe that a time-based blind approach is required to exploit the LayerSlider plugin flaw. Providing further insight, a statement from Wordfence reads: 

“This is an intricate, yet frequently successful method to obtain information from a database when exploiting SQL Injection vulnerabilities.”

What this essentially means is that threat actors would need to utilize SQL CASE statements along with “SLEEP()” and monitor the response time for each request to exploit the LayerSlider plugin flaw for information theft.

Mitigating The Risk Of LayerSlider Plugin Flaw Exploitation

As far as cyber threats are concerned, exploiting vulnerable WordPress plugins is a common trend among threat actors. Worldwide, a large number of businesses and individuals use WordPress. Given this, conducting a WordPress vulnerability assessment and learning to develop website data protection strategies are paramount. 

As for the LayerSlider plugin flaw, it’s evident in versions 7.9.11 through 7.10.0. A newer version that’s patched for protection against the exploitable LayerSlider plugin flaw is available. Given the severity of the flaw and the potential damages it can cause, businesses and individual users should upgrade to the latest version and safeguard their data.

Conclusion 

Recent events within the cyber threat landscape have led to the discovery of the LayerSlider plugin flaw. Threat actors can exploit this WordPress plugin vulnerability via SQL injections and acquire sensitive information. 

A patch providing protection against such exploitation efforts is available. Given the evolving nature and increasing prevalence of cybercrime, using robust online security measures is now essential for mitigating risk and ensuring data protection.

The sources for this piece include articles in The Hacker News and SecurityWeek.

The post LayerSlider Plugin Flaw Exposes 1M Sites To SQL Injections appeared first on TuxCare.

*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Wajahat Raja. Read the original post at: https://tuxcare.com/blog/layerslider-plugin-flaw-exposes-1m-sites-to-sql-injections/