The LayerSlider plugin for WordPress (versions between 7.9.11 and 7.10.0) is vulnerable to an unauthenticated SQL injection. It is mandatory to update immediately to the latest patched version of the plugin, which fixes the problem. To avoid website crashes and to ensure timely security updates, it is best to use our WordPress Maintenance Service. LayerSlider Plugin 7.9.11 – 7.10.0 - Unauthenticated SQL Injection. Plugin slug: LayerSlider. Update to version: 7.10.1. The breach can be done through the ls_get_popup_markup action due to insufficient escaping on the user supplied parameter...
SQLi (SQL Injection)
WordPress Core 6.0.3 Security Release
On October 17, 2022, the WordPress core team released WordPress version 6.0.3, which contains patches for a total of 16 vulnerabilities, including SQL injection, stored XSS, open redirect, data exposure and cross-site request forgery vulnerabilities. The good news is that most of these are low in severity or require a highly privileged user account or additional vulnerable code in order to exploit. Still, because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. Note that in order to avoid web site...
WordPress Core 6.0.2 Security and Maintenance Release
On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for 3 vulnerabilities, including a High Severity SQLi vulnerability in the Links functionality as well as two Medium Severity Cross-Site Scripting vulnerabilities. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. Note that, to avoid website crashes and to ensure timely security updates, it is best to use our WordPress Maintenance Service. WordPress <= 6.0.1 - Authenticated...
Unauthenticated SQL Injection Vulnerability Patched in WordPress Statistics Plugin <= 13.1.5
On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This vulnerability made it possible for unauthenticated attackers to execute arbitrary SQL queries by appending them to an existing SQL query, and it affected versions <= 13.1.4. This could be used to extract sensitive information like password hashes and secret keys from the database. Later, a new vulnerability was discovered by Muhammad Zeeshan for versions <= 13.1.5 (including the patched...
What Is SQL Injection (SQLi)
Improper Neutralization of Special Elements used in an SQL Command. The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks, or to...