via wordfence.com => original post link
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!
On April 14th, 2024, during our Bug Extravaganza, we received a submission for an Arbitrary Options Update vulnerability in WP Datepicker, a WordPress plugin with more than 10,000 active installations. This vulnerability could be used by authenticated attackers, with subscriber-level access and above, to update arbitrary options which can easily be leveraged for privilege escalation.