In just a few short months since our launch in November of last year, the Wordfence Bug Bounty Program has already awarded over $153,000 in bounties to WordPress security researchers who have been responsibly reporting security issues in WordPress plugins and themes to us through our program.
The amount of bounties we have awarded is more than any third-party managed WordPress Bug Bounty Program in the history of WordPress.
We have been nothing short of thrilled by the contribution of talented researchers to our program, and the positive impact this work is having on the security of the WordPress ecosystem.
These amazing ethical hackers have discovered and reported some very dangerous vulnerabilities in WordPress plugins and themes that could have impacted millions of users.
00 paid for an undisclosed vulnerability in a plugin with 400,000 active installations.
00 paid for an authorization bypass to privilege escalation vulnerability in a plugin with 400,000 active installations $2,776.
00 paid for an unauthenticated remote code execution vulnerability in a plugin with 80,000 active installations.
We've already published 441 of those Vulnerabilities to our free Wordfence Intelligence Vulnerability Database.
Bug bounty is a unique method for discovering vulnerabilities that is community driven and very similar to the philosophy of open source software that is at the heart of WordPress and Wordfence.
When there are undiscovered security vulnerabilities in WordPress plugins and themes, it puts many of the 835 million websites powered by WordPress in danger.
The longer these vulnerabilities remain undiscovered, the longer bad actors have to discover them and exploit them to hack WordPress websites, steal information and identities, and do damage to millions of businesses that are powered by WordPress without WordPress site owners knowing or having adequate protection.
By encouraging independent ethical hackers to look for and submit bugs and vulnerabilities in WordPress plugins and themes, we find vulnerabilities much faster - which means you are protected faster.
Once a vulnerability is validated by our team, we ensure the Wordfence firewall has adequate protection for the perceived threat, and if not new vulnerability protection is added to the Wordfence firewall to protect our 5 million users.
Once our team verifies a vulnerability has been patched, or we've determined that a vendor is unresponsive or won't fix the issue, they are added to the Wordfence Intelligence vulnerability database.
This database is used to power the Wordfence vulnerability scanner to alert users that a plugin or theme needs an update, and is also free for organizations and enterprises to use via our API, webhooks, and Wordfence CLI. Bug Bounty Is A Great Way To Earn Money and Give Back For WordPress Developers and Ethical Hackers.
It's also a way for WordPress developers and bug bounty researchers to earn money by finding and reporting security flaws in popular WordPress software.
We're proud and happy to provide back to the community that is giving so much towards the security of the WordPress ecosystem.
It's not just about earning money - our platform offers a way for you to earn CVEs, build your bug bounty skills, and give back to the WordPress community while we freely share the vulnerability information with the community.
You can check out the resources at the bottom of this page to help you get started and learn how to find vulnerabilities, submit them, and earn money from the Wordfence bug bounty program.
We want to thank all of the amazing researchers who have joined the program, submitted vulnerabilities, and congratulate everyone who has earned rewards.
This Cyber News was published on www.wordfence.com. Publication date: Fri, 15 Mar 2024 15:43:06 +0000