$197 Bounty Awarded for Unauthenticated Arbitrary Post Deletion Vulnerability Patched in LeadConnector WordPress Plugin
Description

🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!

On February 8th, 2024, during our Bug Bounty Extravaganza, we received a submission for an Arbitrary Post Deletion vulnerability in LeadConnector, a WordPress plugin with more than 20,000 active installations. This vulnerability could be used by unauthenticated attackers to delete arbitrary posts or pages.

Props to Krzysztof Zając who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. This researcher earned a bounty of $197.00 for this discovery during our Bug Bounty Program Extravaganza. Our mission is to Secure the Web, which is why we are investing in quality vulnerability research and collaborating with researchers of this caliber through our Bug Bounty Program. We are committed to making the WordPress ecosystem more secure, which ultimately makes the entire web more secure.

Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on February 9, 2024. Sites using the free version of Wordfence received the same protection on March 10, 2024.

We contacted the LeadConnector Team on February 8, 2024. After not receiving a reply we escalated the issue to the WordPress.org Security Team on March 8, 2024. After…
