WordPress launched public bug bounty program.


WordPress has launched a public bug bounty program. The CMS has grown a lot over the last thirteen years; it now powers more than 28% of the top ten million sites on the web. WordPress had been operating a private bug bounty program for several months before this announcement.

The WordPress Security Team also announced that WordPress is now officially on HackerOne. HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with cybersecurity researchers.

The program covers all of the projects, including WordPress, BuddyPress, bbPress, GlotPress, and WP-CLI, as well as all of the websites, including WordPress.org, bbPress.org, WordCamp.org, BuddyPress.org, and GlotPress.org.

The program is interested in reports about security issues like XSS, CSRF, SSRF, SQLi, RCE, and other flaws that affect the security of users.


The bug bounty program generally isn’t interested in the following issues:
– Security issues in plugins.
– Reports about hacked websites.
– Users with sufficient privileges being able to post arbitrary JavaScript.
– Disclosure of user IDs.
– Open API endpoints serving public data.
– Path disclosures in errors, warnings, and notices.
– Disclosure of the version number.
– Mixed content warnings for passive assets like images and videos.
– Missing HTTP security headers (CSP, X-XSS, etc.).
– Brute force, DDoS, phishing, text injection, and social engineering attacks.
– Any vulnerability with a CVSS 3 score lower than 4.0, unless it can be combined with another security vulnerability to reach a higher score.
– Reports from automated scanners.

Now that the program is officially public, we hope it will help security researchers report security issues quickly.
To conclude, the program is interested in reports about security issues like XSS, CSRF, SSRF, SQLi, RCE, and other flaws that affect the security of users.