The article discusses a recent discovery of an authenticated SQL Injection vulnerability in the Tutor LMS WordPress plugin. The vulnerability, found during the Bug Bounty Extravaganza, can allow attackers to extract sensitive data from the database. The researcher,...
The article discusses a recent submission of a stored Cross-Site Scripting (XSS) vulnerability in the Contact Form Entries WordPress plugin during the Bug Bounty Extravaganza event. The vulnerability allows threat actors with contributor-level permissions to inject...
The Wordfence Bug Bounty Program has been a huge success since its launch in November of last year, awarding over $153,000 in bounties to WordPress security researchers who have responsibly reported vulnerabilities in plugins and themes. This program has been...
The article discusses the discovery of an Arbitrary File Upload vulnerability in the Avada WordPress theme during a Bug Bounty Extravaganza event. The vulnerability, which affects versions up to and including 7.11.4 of the theme, allows authenticated attackers with...
The article discusses a Privilege Escalation vulnerability found in the Academy LMS WordPress plugin, affecting versions up to 1.9.19, which allows authenticated attackers to elevate their privileges to that of a site administrator. The vulnerability allows users to...
The article announces a Bug Bounty Extravaganza, offering increased bounty rates for vulnerabilities submitted through February 29, 2024, when Wordfence handles responsible disclosure. During the Bug Bounty Extravaganza, a SQL Injection vulnerability was discovered in...