via wordfence.com => original post link
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure!
On February 6th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in Avada, a WordPress theme with more than 945,000 sales, though we expect the software is running on over one million sites. This vulnerability can be leveraged by authenticated attackers with contributor-level permissions and above to upload arbitrary files onto the server and achieve remote code execution.