On March 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated SQL Injection vulnerability in Email Subscribers by Icegram Express, a WordPress plugin with more than 90,000 active installations. This vulnerability can be leveraged to extract sensitive data from the database, such as password hashes. Props to Arkadiusz Hydzik …
Read More
The post $1,250 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Email Subscribers by Icegram Express WordPress Plugin appeared first on Wordfence.
This article has been indexed from Blog – Wordfence