LayerSlider WordPress插件数据库信息泄露风险

A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes.

影响WordPress的LayerSlider插件的一个关键安全漏洞可能被滥用以从数据库中提取敏感信息，如密码哈希。

The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL injection impacting versions from 7.9.11 through 7.10.0.

该漏洞被指定为CVE-2024-2879，CVSS评分为10.0中的9.8。它被描述为影响从7.9.11到7.10.0版本的SQL注入案例。

The issue has been addressed in version 7.10.1 released on March 27, 2024, following responsible disclosure on March 25. "This update includes important security fixes," the maintainers of LayerSlider said in their release notes.

该问题已在2024年3月27日发布的7.10.1版本中得到解决，此前在3月25日进行了负责任的披露。LayerSlider的维护者在发布说明中表示：“此更新包括重要的安全修复。”

LayerSlider is a visual web content editor, a graphic design software, and a digital visual effects that allows users to create animations and rich content for their websites. According to its own site, the plugin is used by "millions of users worldwide."

LayerSlider是一个视觉网页内容编辑器、图形设计软件和数字视觉效果，允许用户为其网站创建动画和丰富内容。根据其官方网站，该插件被“全球数百万用户”使用。

The flaw discovered in the tool stems from a case of insufficient escaping of user supplied parameters and the absence of wpdb::prepare(), enabling unauthenticated attackers to append additional SQL queries and glean sensitive information, Wordfence said.

该工具中发现的漏洞源于未对用户提供的参数进行足够转义以及缺少wpdb::prepare()，使未经身份验证的攻击者能够附加额外的SQL查询并获取敏感信息，Wordfence表示。

That having said, the way the query is structured limits the attack surface to a time-based approach where an adversary would need to observe the response time of each request to steal information from the database.

然而，查询结构限制了攻击面，使对时间为基础的方法的敌对势力需要观察每个请求的响应时间以从数据库中窃取信息。

The development follows the discovery of an unauthenticated stored cross-site scripting (XSS) flaw in the WP-Members Membership Plugin (CVE-2024-1852, CVSS score: 7.2) that could facilitate the execution of arbitrary JavaScript code. It has been resolved in version 3.4.9.3.

在WP-Members Membership Plugin中发现了一个未经身份验证的存储跨站脚本（XSS）漏洞（CVE-2024-1852，CVSS评分：7.2），可以促进任意JavaScript代码的执行。它已在版本3.4.9.3中解决。

The vulnerability, due to insufficient input sanitization and output escaping, "makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page which is the edit users page," the WordPress security company said.

由于输入未经充分消毒和输出未经逃逸，该漏洞“使未经身份验证的攻击者能够在页面中注入任意Web脚本，每当用户访问一个注入页面（即编辑用户页面）时将执行”，WordPress安全公司表示。

Should the code be executed in the context of an administrator's browser session, it can be used to create rogue user accounts, redirect site visitors to other malicious sites, and carry out other attacks, it added.

如果代码在管理员的浏览器会话上下文中执行，它可以用于创建恶意用户帐户，将站点访问者重定向到其他恶意站点，并执行其他攻击。

Over the past few weeks, security vulnerabilities have also been disclosed in other WordPress plugins such as Tutor LMS (CVE-2024-1751, CVSS score: 8.8) and Contact Form Entries (CVE-2024-2030, CVSS score: 6.4) that could be exploited for information disclosure and injecting arbitrary web scripts, respectively.

在过去几周中，还披露了其他WordPress插件中的安全漏洞，如Tutor LMS（CVE-2024-1751，CVSS评分：8.8）和Contact Form Entries（CVE-2024-2030，CVSS评分：6.4），可以分别用于信息泄露和注入任意Web脚本。

参考资料

[1]https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html

关注我们

        欢迎来到我们的公众号！我们专注于全球网络安全和精选双语资讯，为您带来最新的资讯和深入的分析。在这里，您可以了解世界各地的网络安全事件，同时通过我们的双语新闻，获取更多的行业知识。感谢您选择关注我们，我们将继续努力，为您带来有价值的内容。

原文始发于微信公众号（知机安全）：LayerSlider WordPress插件数据库信息泄露风险