all InfoSec news
$5,500 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in LayerSlider WordPress Plugin
Malware Analysis, News and Indicators - Latest topics malware.news
On March 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated SQL Injection vulnerability in LayerSlider, a WordPress plugin with more than 1,000,000 estimated active installations. This vulnerability can be leveraged to extract sensitive data from the database, such as password hashes.
Props to AmrAwad who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. This researcher earned a bounty of $5,500.00 for this discovery during our Bug Bounty …
bounty bug bug bounty can data database extract injection march password plugin sensitive sensitive data sql sql injection submission unauthenticated vulnerability wordpress wordpress plugin