Outage in Liquid Web

Vulnerability on LayerSlider Plugin - WordPress

Resolved Minor

April 03, 2024 - Started 30 days ago - Lasted about 24 hours
Official incident page

Need to monitor Liquid Web outages?
Stay on top of outages with IsDown. Monitor the official status pages of all your vendors, SaaS, and tools, including Liquid Web, and never miss an outage again.
Start Free Trial

Outage Details

Our team has been made aware of a vulnerability in the LayerSlider Plugin used on WordPress. The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. More information can be found here: https://www.wordfence.com/blog/2024/04/5500-bounty-awarded-for-unauthenticated-sql-injection-vulnerability-patched-in-layerslider-wordpress-plugin/ All users of the LayerSlider Plugin are strongly encouraged to upgrade to version 7.10.1, which has the issue fixed. We appreciate your patience in the matter and if you have any questions, please contact a member of our support team via live-chat, ticket, or by phone at (800)-580-4985, (517)-322-0434 (international).

Latest Updates ( sorted recent to last )

RESOLVED 29 days ago - at 04/04/2024 05:07PM

This has been resolved.

IDENTIFIED 29 days ago - at 04/04/2024 12:23PM

All users of the LayerSlider Plugin are strongly encouraged to upgrade to version 7.10.1, where the vulnerability is patched in the plugin code itself.

We appreciate your patience in the matter and if you have any questions, please contact a member of our support team via live-chat, ticket, or by phone at (800)-580-4985, (517)-322-0434 (international).

IDENTIFIED 30 days ago - at 04/03/2024 05:29PM

Our team has been made aware of a vulnerability in the LayerSlider Plugin used on WordPress.

The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

More information can be found here: https://www.wordfence.com/blog/2024/04/5500-bounty-awarded-for-unauthenticated-sql-injection-vulnerability-patched-in-layerslider-wordpress-plugin/

All users of the LayerSlider Plugin are strongly encouraged to upgrade to version 7.10.1, which has the issue fixed.

We appreciate your patience in the matter and if you have any questions, please contact a member of our support team via live-chat, ticket, or by phone at (800)-580-4985, (517)-322-0434 (international).

Latest Liquid Web outages

Premium Business Email Webmail Issues - about 1 hour ago

Premium Business Email Webmail Issues - 3 days ago

Network Flooding - 4 days ago

Phone Issues - 6 days ago

Degraded IPsec VPN on VMware Edge gateways - 15 days ago

The easiest way to monitor Liquid Web and all cloud vendors

With IsDown, you can monitor all your critical services' official status pages from one centralized dashboard and receive instant alerts the moment an outage is detected. Say goodbye to constantly checking multiple sites for updates and stay ahead of outages with IsDown.

Start free trial

No credit card required · Cancel anytime · 3155 services available

Integrations with Slack Microsoft Teams Google Chat Datadog PagerDuty Zapier Discord Webhook

Setup in 5 minutes or less

How much time you'll save your team, by having the outages information close to them?

14-day free trial · No credit card required · Cancel anytime

Start today for FREE