Your WordPress site might be at a risk. Review its safety measures or tools as a significant security breach has put more than 1 million WordPress websites at risk lately. The threat is said to have been originated from a critical vulnerability found in a WordPress plugin called LayerSlider. You might be aware of this popular plugin and it is now somehow allowing attackers to access sensitive data. Even the password of the dashboard has been compromised.
Security researcher firm AmrAwad discovered the vulnerability. It has assigned a high severity rating for the plugin. The threat is tracked as CVE-2024-2879. The threat is affecting versions 7.9.11 and 7.10.0 of LayerSlider. It is learned that attackers can inject malicious SQL queries into the plugin and exploit its weak security measures to extract valuable information.
AmrAwad said that it has responsibly disclosed the vulnerability to cybersecurity company Wordfence, which further notified the developers of LayerSlider. A patch in version 7.10.1 has thereafter been released to fix the issue.
However, the risk persists for websites that are not using the updated version. Attackers could still exploit this vulnerability to compromise sensitive data. Hence, it is posing a significant threat to website owners as well as their users or visitors.
The incident highlights the importance of maintaining the security of WordPress websites. Vulnerabilities in plugins can provide attackers a gateway to valuable information stored on websites.
Ensuring the security of WordPress sites is important for individual website owners and simultaneously it is also essential for the overall safety of the internet. With strong security of the WordPress ecosystem we can help safeguard the vast amount of sensitive data that are stored online.
