CVE-2024-2879

CRITICAL EXPLOITED NUCLEI

WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection

Title source: nuclei

Exploitation Summary

CVE-2024-2879 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including herculeszxc. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository provides a scanner for CVE-2024-2879, an unauthenticated SQL injection vulnerability in LayerSlider WordPress plugin versions 7.9.11 and 7.10.0. The scanner checks for vulnerable versions by analyzing HTTP responses and includes manual testing instructions.

Description

The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0, due to insufficient escaping of the user-supplied parameter and insufficient preparation of the existing SQL query. This allows unauthenticated attackers to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.

Exploits (1)

nomisec SCANNER 23 stars
by herculeszxc · infoleak
https://github.com/herculeszxc/CVE-2024-2879

Classification: Scanner 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: LayerSlider WordPress plugin 7.9.11, 7.10.0
No auth needed
Prerequisites: Target running vulnerable LayerSlider version · Network access to WordPress admin-ajax.php endpoint
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection
HIGH · VERIFIED · by d4ly

Scores

CVSS v3 9.8
EPSS 0.9367
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2026-05-04
CWE CWE-89
Status published
Products (2)
kreaturamedia/layerslider 7.9.11
kreaturamedia/layerslider 7.10.0
Published Apr 03, 2024
Tracked Since Feb 18, 2026