Our team has triaged around 2,140 vulnerability submissions, with about 1,320 deemed in-scope.
Together with our researchers and software vendors, we've protected millions of websites from vulnerabilities - and this is just the beginning.
We're continuously developing and enhancing our program and tools to support the increasing volume of submissions from our researchers.
Our critical mission is to provide the best possible experience and opportunities for bug bounty hunting in WordPress, aligning with our overarching goal to Secure the Web.
We are not just aiming to enhance WordPress security, but to revolutionize the Bug Bounty landscape within the WordPress community.
Feedback indicated that our previous overview was cumbersome and laden with legal jargon.
The new design consolidates all necessary information into a single page with easy tab navigation, removing barriers and encouraging quicker start times for researchers eager to discover vulnerabilities in WordPress.
You can view all of these updates in our Bug Bounty Program Overview.
Recognizing the significant leap from our standard tier to the elite 1337 tier, we've introduced the 'Resourceful Researcher' tier.
This new tier, with a lower barrier to entry and a broader scope, enables researchers to focus more on hunting impactful vulnerabilities.
In-scope targets include the 15,000 to 50,000 active installations range - a roughly 94% increase in the number of eligible plugins in the WordPress repository.
Understanding the potential rewards can be challenging for researchers when left with vague information.
By making our internal bounty estimator public, we aim to clarify the possible earnings from submissions, helping researchers prioritize their efforts for maximum return.
To recognize our most prolific contributors, we've expanded our range of achievement badges up to 750 submitted vulnerabilities, ensuring that top researchers are adequately acknowledged for their efforts.
Our bug bounty extravaganza is coming to a close this month on May 27th. We've decided to permanently increase our bounties effective May 28th so that our top rewards are $10,000+.
Other adjustments will be made to continue rewarding impactful research while sustaining the program long term.
We'd like to continue the success we've seen over the last 6 months, while also continuing to drive more research towards high impact vulnerabilities.
Next, we plan to enhance our researchers' experience with a seamless new dashboard for managing submissions.
Following that, our focus will shift towards vendors to streamline the vulnerability disclosure process.
In closing, we extend a huge thank you to our researchers who dedicate their time to improving the WordPress ecosystem, to the vendors who swiftly implement patches, and to the WordPress.org security team for their invaluable support.
This Cyber News was published on www.wordfence.com. Publication date: Tue, 14 May 2024 15:13:06 +0000