via wordfence.com => original post link
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!
On April 22th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a Reflected Cross-Site Scripting (XSS) vulnerability in Yoast SEO, a WordPress plugin with more than 5 million active installations. This vulnerability makes it possible for an unauthenticated attacker to craft a request that contains malicious JavaScript. If the attacker is able to trick a site administrator into performing an action, the malicious JavaScript executes, making it possible for the attacker to create new admin users, redirect victims, or engage in other harmful attacks.