A critical vulnerability in the WordPress plugin LayerSlider could allow unauthenticated attackers to extract password hashes via SQL injection. The bug, tracked as CVE-2024-2879, has a CVSS score of 9.8 and affects LayerSlider versions 7.9.11 through 7.10.0.
Source: SC Magazine