Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection
A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.
https://www.darkreading.com/remote-workforce/critical-security-flaw-wordpress-sql-injection