LayerSlider 7.9.5 – Unauthenticated SQL Injection

2026.01.26
Credit: RERO
Risk: Low
Local: No
Remote: Yes
CWE: CWE-89

LayerSlider WordPress plugin versions between 7.9.11 and 7.10.0 are affected by an unauthenticated SQL Injection vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input, allowing an unauthenticated remote attacker to manipulate SQL queries executed by the application. Successful exploitation could allow an attacker to extract sensitive information from the database or modify database content without authentication. Updating the plugin to version 7.10.1 or later is strongly recommended to mitigate this vulnerability.
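A check for the version range stated above, as an added example that is not part of the advisory or of LayerSlider's own code: it reads the `Version:` line from a WordPress plugin header and compares it numerically against 7.9.11 through 7.10.0 and the fixed 7.10.1. The sample headers are constructed, and the caller is assumed to supply the text of the plugin's main PHP file.

```python
import re

# Version boundaries taken from the advisory text.
AFFECTED_MIN = (7, 9, 11)
AFFECTED_MAX = (7, 10, 0)
FIXED = (7, 10, 1)

# WordPress plugin headers carry "Version: x.y.z" inside a leading comment block.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_version(text):
    """Turn '7.10.0' into (7, 10, 0). Comparing strings would rank 7.9.5 above 7.9.11."""
    parts = []
    for piece in text.strip().split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    if not parts:
        raise ValueError("no numeric version in %r" % text)
    while len(parts) < 3:          # treat '7.10' as 7.10.0
        parts.append(0)
    return tuple(parts)


def plugin_version(header_text):
    """Return the version tuple from a plugin header, or None if absent."""
    match = HEADER_RE.search(header_text[:8192])   # headers sit at the top of the file
    return parse_version(match.group(1)) if match else None


def classify(header_text):
    """Map a plugin header to 'affected', 'patched', 'not-in-advisory-range' or 'unknown'."""
    version = plugin_version(header_text)
    if version is None:
        return "unknown"
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    if version >= FIXED:
        return "patched"
    return "not-in-advisory-range"


if __name__ == "__main__":
    # Constructed sample headers, not copied from any real installation.
    for v in ("7.9.10", "7.9.11", "7.10.0", "7.10.1"):
        sample = "<?php\n/*\nPlugin Name: LayerSlider\nVersion: %s\n*/\n" % v
        print(v, classify(sample))
```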

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2879
https://wpscan.com/vulnerability/e28e37b0-b11d-489c-bc77-12410cc91e24
https://www.wordfence.com/threat-intel/vulnerabilities/id/3fddf96e-029c-4753-ba82-043ca64b78d3



Copyright 2026, cxsecurity.com

 
