Wordfence Launches Bug Bounty Program

Wordfence launched a bug bounty program today to provide a financial incentive for security researchers who report high-risk vulnerabilities through the company’s program.

After researchers disclose vulnerabilities to Wordfence, the company triages them and confidentially discloses them to the vendors to fix. Once a fix is released, the vulnerability is added to Wordfence’s public database, which is free to access, in line with a responsible disclosure policy.

“There is no cap on the rewards an individual researcher can earn, and every single in-scope vulnerability received via our submissions process earns a reward bounty,” Wordfence security analyst Chloe Chamberland said.

Wordfence will reward researchers who discover vulnerabilities in plugins and themes with 50,000+ active installations. A few examples of the payouts include the following:

  • $1,600 for an Unauthenticated Arbitrary File Upload, a Remote Code Execution, a Privilege Escalation to Admin, or an Arbitrary Options Update in a plugin or theme with over one million active installations.
  • $1,060 for an Unauthenticated Arbitrary File Deletion in a plugin or theme with over one million active installations, assuming wp-config.php can easily be deleted.
  • $800 for

[…]
