At Kreatura, one of our core values is being worthy of trust. In the interest of transparency, we want to share the recently discovered security vulnerabilities affecting LayerSlider 7.7.9 and earlier versions.
On July 10, we received security reports about vulnerabilities found in LayerSlider, one of which was highly severe and required an immediate patch. Upon reading the report, we immediately started to work on an update, and LayerSlider 7.7.10 was released within 48 hours on July 12 with the appropriate security fixes.
None of the vulnerabilities can be exploited by a potential attacker to directly access your website. Instead, you would have to click on a malicious link or grant attackers some level of access to your WordPress dashboard. Nevertheless, we take security very seriously, and these types of attacks cannot be underestimated.
Further details of the vulnerabilities are not yet publicly disclosed. They will be published later by CVE authorities to prevent exploiting them before you can update to a secure version. We are not aware that the vulnerabilities have been exploited, and we can say with high certainty that no one was affected.
We are continuously looking for ways to ensure the security and quality of our products to ensure the safety of our customers. Please feel free to ask us anything if you have questions or concerns.