all InfoSec news
$657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin
Malware Analysis, News and Indicators - Latest topics malware.news
On February 1st, 2024, during our Bug Bounty Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in Management App for WooCommerce, a WordPress plugin with 1,000+ active installations. This vulnerability makes it possible for authenticated users such as subscribers and customers to upload arbitrary files to a vulnerable site and achieve remote code execution.
Props to Lucio Sá who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. This researcher earned a bounty …
app bounty bug bug bounty customers february file file upload management plugin submission subscribers upload vulnerability woocommerce wordpress wordpress plugin worker