$2,063 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Ultimate Member WordPress Plugin

Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure!

On January 30th, 2024, shortly after the launch of our second Bug Bounty Extravaganza, we received a submission for an unauthenticated SQL Injection vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged …

bounty bug bug bounty disclosure earn february injection january launch plugin responsible responsible disclosure running sql sql injection ultimate member unauthenticated vulnerabilities vulnerability wordfence wordpress wordpress plugin