Revolutionizing WordPress Bug Bounty and Security: Latest Enhancements to the Wordfence Bug Bounty Program

Our team has triaged around 2,140 vulnerability submissions, with about 1,320 deemed in-scope.
Together with our researchers and software vendors, we've protected millions of websites from vulnerabilities - and this is just the beginning.
We're continuously developing and enhancing our program and tools to support the increasing volume of submissions from our researchers.
Our critical mission is to provide the best possible experience and opportunities for bug bounty hunting in WordPress, aligning with our overarching goal to Secure the Web.
We are not just aiming to enhance WordPress security, but to revolutionize the Bug Bounty landscape within the WordPress community.
Feedback indicated that our previous overview was cumbersome and laden with legal jargon.
The new design consolidates all necessary information into a single page with easy tab navigation, removing barriers and encouraging quicker start times for researchers eager to discover vulnerabilities in WordPress.
You can view all of these updates in our Bug Bounty Program Overview.
Recognizing the significant leap from our standard tier to the elite 1337 tier, we've introduced the 'Resourceful Researcher' tier.
This new tier, with a lower barrier to entry and a broader scope, enables researchers to focus more on hunting impactful vulnerabilities.
In-scope targets include plugins in the 15,000 to 50,000 active installations range, a roughly 94% increase in the number of eligible plugins in the WordPress repository.
Understanding the potential rewards can be challenging for researchers when left with vague information.
By making our internal bounty estimator public, we aim to clarify the possible earnings from submissions, helping researchers prioritize their efforts for maximum return.
To recognize our most prolific contributors, we've expanded our range of achievement badges up to 750 submitted vulnerabilities, ensuring that top researchers are adequately acknowledged for their efforts.
Our bug bounty extravaganza is coming to a close this month on May 27th. We've decided to permanently increase our bounties effective May 28th so that our top rewards are $10,000+.
Other adjustments will be made to continue rewarding impactful research while sustaining the program long term.
We'd like to continue the success we've seen over the last 6 months, while also continuing to drive more research towards high impact vulnerabilities.
Next, we plan to enhance our researchers' experience with a seamless new dashboard for managing submissions.
Following that, our focus will shift towards vendors to streamline the vulnerability disclosure process.
In closing, we extend a huge thank you to our researchers who dedicate their time to improving the WordPress ecosystem, to the vendors who swiftly implement patches, and to the WordPress.org security team for their invaluable support.


This Cyber News was published on www.wordfence.com. Publication date: Tue, 14 May 2024 15:13:06 +0000


