all InfoSec news
30,000 WordPress Sites affected by Arbitrary SQL Execution Vulnerability Patched in Visualizer WordPress Plugin
Malware Analysis, News and Indicators - Latest topics malware.news
On April 10th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an authenticated SQL Execution vulnerability in Visualizer, a WordPress plugin with more than 30,000 active installations. This vulnerability can be leveraged for privilege escalation among many other actions.
Props to Krzysztof Zając who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. This researcher earned a bounty of $985.00 for this discovery during our Bug Bounty Program Extravaganza. Our mission …
actions april bounty bug bug bounty can escalation plugin privilege privilege escalation sql submission vulnerability wordpress wordpress plugin wordpress sites