Chloe Chamberland
October 8, 2024

Get Spooked By Huge Scope and Rewards in the Wordfence Bug Bounty Cybersecurity Month Spooktacular Haunt!

Calling all vulnerability researchers! Get ready to immerse yourselves in the world of WordPress security with the Wordfence Cybersecurity Month Spooktacular Haunt, running from now through November 11th, 2024!

What’s Happening During This Cybersecurity Month Spooktacular Haunt?

In celebration of Cybersecurity Awareness Month and the ‘Secure Our World‘ theme for this year, we’re brewing up some extra-exciting opportunities to propel our mission to Secure the Web. The Cybersecurity Month Spooktacular Haunt gives researchers the chance to earn spooktacularly good rewards while fortifying the WordPress ecosystems’s defenses against vulnerabilities.

Check out these haunting highlights:

  • Increased Scope for Researchers: The fog has lifted, and a broader range of targets awaits! Standard Researchers and Resourceful Researchers can now submit vulnerabilities in plugins and themes with 1,000 or more active installations to earn a bounty, a significant expansion from the previous active install count minimum of 50,000 & 15,000 respectively.
  • Increased Pending Report Limits for all Researchers: The number of pending reports each researcher can have is expanding so everyone can maximize their returns during the promotion.
    • Standard Researchers: Your pending report limit has been increased to 30, six-times the standard limit.
    • Resourceful Researchers: Your pending report limit has been increased to 45, triple the standard limit.
    • 1337 Researchers: Your pending report limit has been increased to 60, double the standard limit.
  • Resourceful Researchers and 1337 Researchers will earn an automatic 10% – 120% bonus on all submissions in software up to 5,000,000 Active Installs
    • Resourceful Researchers will earn an automatic bonus of 10% to 60% on all accepted submissions (excluding 5,000,000+ active installations, which are still part of the WordPress Superhero Challenge). This bonus scales with the active installation count of the targeted software.
    • 1337 Researchers will earn an automatic bonus of 20% to 120% on all accepted submissions (excluding 5,000,000+ active installations, which are still part of the WordPress Superhero Challenge). Again, this bonus scales with the active installation count of the chosen software. Please note: this will replace the standard 5% bonus on those submissions for this tier.
  • The Superhero Challenge has also been extended through November 11, 2024. This means you can earn up to $31,200 for high impact finds in plugins and themes with >= 5,000,000 Active Installations.

For a detailed breakdown of the bonus structure and what’s in scope, refer to our bonus chart here:

 

All bonuses have been factored into the bounty estimator, so the best place to get an idea of how much you can earn for any given vulnerability is the bounty estimator located here: https://www.wordfence.com/threat-intel/bug-bounty-program/#rewards

Wordfence’s Commitment to WordPress Security

Wordfence remains committed to advancing WordPress security research. Since the launch of our Bug Bounty Program in November 2023, we have awarded nearly $350,000 in bounties. We ensure that vulnerabilities are confidentially disclosed to vendors, who we work with to patch and release updates before any findings are made public.

We then share prominent vulnerabilities on our blog to help other security vendors improve their products and to raise awareness within the community about the importance of keeping software up to date.

In addition to our bug bounty program, Wordfence offers a free, comprehensive vulnerability database accessible through a web interface, webhook integration, and API. While some vendors treat vulnerabilities as proprietary, we believe they should be considered public information, and we do not charge for access to our database. Our commitment to timely and responsible disclosure further underscores our mission to secure the Web.

Join the Hunt and Help Us Secure WordPress!

Join us for the Cybersecurity Month Spooktacular Haunt, and let’s make the WordPress world a safer place!

Ready to begin your quest?

Don’t miss this fantastic opportunity to contribute to WordPress security and earn some incredible rewards along the way!

Happy haunting! 👻

Wordfence Bug Bounty Program - Unleash Your Potential

Join the Wordfence WordPress Bug Bounty Program and become a part of a thriving community of talented individuals committed to making the internet a safer place.

Join the Program

Did you enjoy this post? Share it!

LinkedIn 

Comments

No Comments

All comments are moderated before being published. Inappropriate or off-topic comments may not be approved.

Breaking WordPress Security Research in your inbox as it happens.

Example of a news story

This site uses cookies in accordance with our Privacy Policy.