via wordfence.com => original post link
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure!
On January 30th, 2024, shortly after the launch of our second Bug Bounty Extravaganza, we received a submission for an unauthenticated SQL Injection vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged to extract sensitive data from the database, such as password hashes.