Posted 4/3/2024, 6:21:38 PM
Critical Security Flaw Found in Popular WordPress Plugin LayerSlider, Impacting Over 1 Million Users
- The LayerSlider plugin for WordPress sites impacts over 1 million users and has a critical SQL injection flaw (CVSS score 9.8)
- Bug bounty hunter AmrAwad discovered the flaw, reported it, and received a $5,500 reward
- The flaw impacts versions 7.9.11 through 7.10.0 and allows unauthorized data extraction, including passwords
- The Kreatura Team quickly fixed it in update 7.10.1, released within 48 hours of the report
- WordPress admins are urged to update the plugin, disable unused plugins, and use strong passwords to mitigate risk
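
To find installs that still fall in the affected range given above, the following added example (not from the article or the plugin vendor) reads the standard WordPress plugin header from each plugin's top-level PHP files and classifies the reported version. It assumes the header's `Plugin Name` begins with "LayerSlider" and that plugins live in the usual `wp-content/plugins` layout.

```python
import re
import sys
from pathlib import Path

AFFECTED_MIN = (7, 9, 11)  # first affected version, per the article
AFFECTED_MAX = (7, 10, 0)  # last affected version, per the article
# Matches header lines such as " * Plugin Name: X" or "Version: 1.2.3".
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.M | re.I)

def parse_version(text):
    """'7.10.0' -> (7, 10, 0). Numeric compare, so 7.10.0 sorts after 7.9.11."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(version):
    """Place a version string relative to the affected range."""
    v = parse_version(version)
    if v < AFFECTED_MIN:
        return "older than affected range"
    if v <= AFFECTED_MAX:
        return "VULNERABLE"
    return "patched"

def read_header(php_file):
    """Return (plugin name, version) from a plugin header, or None."""
    # WordPress itself only scans the start of the file (8 KB) for headers.
    head = php_file.read_text(errors="replace")[:8192]
    fields = {key.lower(): value for key, value in HEADER.findall(head)}
    if "plugin name" in fields and "version" in fields:
        return fields["plugin name"], fields["version"]
    return None

def audit(plugins_dir):
    """Yield (plugin path, version, status) for each LayerSlider install."""
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_header(php)
        # Assumption: the plugin's header name starts with "LayerSlider".
        if header and header[0].lower().startswith("layerslider"):
            yield str(php.parent), header[1], classify(header[1])

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for path, version, status in audit(root):
        print(f"{path}: LayerSlider {version} -> {status}")
```

Run it with the path to a site's plugins directory; any line marked `VULNERABLE` needs the 7.10.1 update.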