A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.
  • somethingsomethingidk@lemmy.worldEnglish
    7·
    3 months ago

    However, to exploit the flaw requires a “a time-based blind approach” on the part of attackers to extract database information, which is “an intricate, yet frequently successful method to obtain information from a database when exploiting SQL Injection vulnerabilities,” according to Wordfence.

    I wouldn’t call that intricate. It’s pretty standard to try it since you get immidiate feedback that you can inject sql statements.

  • friend_of_satan@lemmy.worldEnglish
    41·
    3 months ago

    Again! This kind of thing is why I quit using Wordpress over a decade ago. Static sites don’t have this problem and serve a lot of people’s needs better than a dynamic site.