The article discusses a recent discovery of an authenticated SQL Injection vulnerability in the Tutor LMS WordPress plugin. The vulnerability, found during the Bug Bounty Extravaganza, can allow attackers to extract sensitive data from the database. The researcher,...
The article discusses a recent submission of a stored Cross-Site Scripting (XSS) vulnerability in the Contact Form Entries WordPress plugin during the Bug Bounty Extravaganza event. The vulnerability allows threat actors with contributor-level permissions to inject...
The Wordfence Bug Bounty Program has been a huge success since its launch in November of last year, awarding over $153,000 in bounties to WordPress security researchers who have responsibly reported vulnerabilities in plugins and themes. This program has been...
The article discusses a Privilege Escalation vulnerability discovered in the RegistrationMagic WordPress plugin during the Bug Bounty Extravaganza event on February 26, 2024. The vulnerability allowed authenticated attackers to grant themselves administrative...
The article highlights a Privilege Escalation vulnerability in miniOrange’s Malware Scanner and Web Application Firewall WordPress plugins, affecting over 10,000+ and 300+ active installations respectively. The vulnerability allows unauthenticated attackers to grant...
The article discusses a recently discovered unauthenticated stored Cross-Site Scripting (XSS) vulnerability in the Ultimate Member WordPress plugin, which has over 200,000 active installations. The vulnerability was identified by a researcher named stealthcopter...