
$601 Bounty Awarded for Interesting Cross-Site Request Forgery to Local JS File Inclusion Vulnerability Patched in File Manager WordPress Plugin

via wordfence.com => original post link

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!

On February 15th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a Cross-Site Request Forgery to Local JS File Inclusion vulnerability in File Manager, a WordPress plugin with more than 1,000,000 active installations. This vulnerability can be leveraged to achieve Remote Code Execution (RCE) via a forged request, provided an attacker can trick a site administrator into performing an action such as clicking on a link.