Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection

A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.