Browse all 4 CVE security advisories affecting LayerSlider. AI-powered Chinese analysis, POCs, and references for each vulnerability.
LayerSlider is a premium WordPress plugin for creating animated sliders and visual content. Historically, it has been vulnerable to multiple security issues including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities. These flaws often stem from insufficient input validation and improper permission checks. The plugin has accumulated four CVEs to date, with some versions allowing attackers to execute arbitrary code or inject malicious scripts through compromised forms or media uploads. Security researchers have identified persistent patterns of insecure coding practices, making it a frequent target in WordPress vulnerability scans. Proper input sanitization and access control remain critical areas for improvement in this widely used visual builder.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-4575 | LayerSlider 7.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ls_search_form Shortcode — LayerSlider | 6.4 | Medium | 2024-05-23 |
| CVE-2024-2879 | WordPress Plugin LayerSlider SQL Injection Vulnerability — LayerSlider | 9.8 | Critical | 2024-04-03 |
| CVE-2023-47786 | WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Scripting (XSS) — LayerSlider (CWE-79) | 6.5 | Medium | 2023-11-22 |
| CVE-2023-47785 | WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Request Forgery (CSRF) — LayerSlider (CWE-352) | 7.1 | High | 2023-11-22 |
This page lists every published CVE security advisory associated with LayerSlider. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.