🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program

Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Bug Bounty Program — Researcher Achievements

Welcome to the Achievements page for our Bug Bounty Program, where dedication, skill, and collaboration meet tangible recognition. As you contribute to the WordPress open source community through our bug bounty program, we believe it's essential to acknowledge your hard work and commitment. That's why we've crafted a unique system of badges called "Achievements" to highlight your contributions and milestones.

Each Achievement badge represents a distinct accomplishment within our bug bounty program. These badges are not just virtual trinkets; they are a testament to your expertise, resilience, and commitment to making the digital world a safer place.

The road to earning Achievements is a journey of growth and discovery. Our badge system encourages researchers to hone their skills, collaborate with others, and think outside the box. Each badge you earn elevates your status within the open source community, showcasing your prowess and dedication to peers and potential employers.

Your Achievements are proudly displayed on your researcher profile, giving you a competitive edge and a sense of accomplishment. Each badge comes with its own criteria, creating a clear pathway for you to advance in your bug bounty journey. By meeting these criteria, you demonstrate your ability to overcome challenges and contribute to the betterment of the open source ecosystem.

Whether you're a seasoned security researcher or just starting your bug-hunting journey, our Achievements are a way for you to track your progress, set your goals, and gain recognition in the open source community. Start participating today, and see which badges you can earn. No matter the challenge, every step you take brings you closer to your next Achievement.

Scroll down to explore the different badges below with details for how you can reach each Achievement. Set your sights on your next badge and remember: each Achievement represents a stronger, safer open source community, thanks to you. Please note we are launching with a limited set of badges and you can expect to see more here soon!

We can't wait to see what you'll achieve next!

Submitted XSS Vulnerability

This achievement is awarded to individuals who have submitted at least one valid Cross-Site Scripting (XSS) vulnerability to the bug bounty program. Please note, in order for a researcher to earn this badge the vulnerability must be submitted directly to Wordfence and must have a registered researcher account at the time of submission.

WordPress Superhero

This achievement is awarded to individuals who have submitted at least one critical or high severity vulnerability in a plugin or theme with over 5,000,000 Active Installations to the Wordfence Bug Bounty Program.

Resourceful Researcher

This achievement is exclusively for researchers who earn the Resourceful Researcher status. These individuals have demonstrated significant and meaningful research in the WordPress Security space.

1337 Vulnerability Researcher

This achievement is exclusively for researchers who earn 1337 Wordfence Vulnerability Researcher status. These individuals have demonstrated exceptional and meaningful research in the WordPress Security space.

Submitted 1 Vulnerability

This achievement is awarded to individuals who have submitted at least one valid vulnerability to the bug bounty program. Please note, in order for a researcher to earn this badge the vulnerability must be submitted directly to Wordfence and must have a registered researcher account at the time of submission.

Submitted 5 Vulnerabilities

This achievement is awarded to individuals who have submitted at least five valid vulnerabilities to the bug bounty program. Please note, in order for a researcher to earn this badge the vulnerability must be submitted directly to Wordfence and must have a registered researcher account at the time of submission.

Submitted 10 Vulnerabilities

This achievement is awarded to individuals who have submitted at least ten valid vulnerabilities to the bug bounty program. Please note, in order for a researcher to earn this badge the vulnerability must be submitted directly to Wordfence and must have a registered researcher account at the time of submission.

Submitted 25 Vulnerabilities

This achievement is awarded to individuals who have submitted at least twenty five valid vulnerabilities to the bug bounty program. Please note, in order for a researcher to earn this badge the vulnerability must be submitted directly to Wordfence and must have a registered researcher account at the time of submission.

Submitted 50 Vulnerabilities

This achievement is awarded to individuals who have submitted at least fifty valid vulnerabilities to the bug bounty program. Please note, in order for a researcher to earn this badge the vulnerability must be submitted directly to Wordfence and must have a registered researcher account at the time of submission.

Submitted 75 Vulnerabilities

This achievement is awarded to individuals who have submitted at least seventy five valid vulnerabilities to the bug bounty program. Please note, in order for a researcher to earn this badge the vulnerability must be submitted directly to Wordfence and must have a registered researcher account at the time of submission.

Submitted 100 Vulnerabilities

This achievement is awarded to individuals who have submitted at least one hundred valid vulnerabilities to the bug bounty program. Please note, in order for a researcher to earn this badge the vulnerability must be submitted directly to Wordfence and must have a registered researcher account at the time of submission.

Submitted 200 Vulnerabilities

This achievement is awarded to individuals who have submitted at least two hundred valid vulnerabilities to the bug bounty program. Please note, in order for a researcher to earn this badge the vulnerability must be submitted directly to Wordfence and must have a registered researcher account at the time of submission.

Submitted 300 Vulnerabilities

This achievement is awarded to individuals who have submitted at least three hundred valid vulnerabilities to the bug bounty program. Please note, in order for a researcher to earn this badge the vulnerability must be submitted directly to Wordfence and must have a registered researcher account at the time of submission.

Submitted 400 Vulnerabilities

This achievement is awarded to individuals who have submitted at least four hundred valid vulnerabilities to the bug bounty program. Please note, in order for a researcher to earn this badge the vulnerability must be submitted directly to Wordfence and must have a registered researcher account at the time of submission.

Submitted 500 Vulnerabilities

This achievement is awarded to individuals who have submitted at least five hundred valid vulnerabilities to the bug bounty program. Please note, in order for a researcher to earn this badge the vulnerability must be submitted directly to Wordfence and must have a registered researcher account at the time of submission.

Submitted 750 Vulnerabilities

This achievement is awarded to individuals who have submitted at least seven hundred and fifty valid vulnerabilities to the bug bounty program. Please note, in order for a researcher to earn this badge the vulnerability must be submitted directly to Wordfence and must have a registered researcher account at the time of submission.

Wordfence Vulnerability Researcher

This achievement is exclusively for employees and contractors of Wordfence. The only way to earn this achievement is to be an employee of Wordfence, or a contractor working with Wordfence, and discover at least one vulnerability.

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation