Wordfence's Bug Bounty Program offers up to $31,200 per vulnerability. On March 28, 2025, a vulnerability was reported in the “Drag and Drop Multiple File Upload for WooCommerce” plugin that allows unauthenticated users to move critical files. Researcher Phat RiO earned $315 for the find. Users should update to version 1.1.5 to protect against this critical flaw, which could lead to site takeover. The vulnerability was disclosed and patched promptly by the developer.
6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin
