Announcing Patchstack Alliance Season 1 – New Bug Hunt Challenge and Rewards

Published 31 March 2023
Updated 24 July 2023
Darius Sveikauskas
Bounty & Data Overlord
Table of Contents

Behold, a new Patchstack Alliance season is here! We thought you might get bored without new challenges, so we prepared an exciting season. The season starts tomorrow, April 1st (it’s not a joke), and ends on June 30th. You’ll have three months of fun.

Let’s start with the things we will hunt for this season – themes, page builders, and their extensions. All reports that will be related to themes, page builders, or their extensions will get a +15% XP boost!

Why boost? Because this season is integrated into the monthly competitions, it’s not separate. So all reports are acceptable, but the ones for themes, page builders, or extensions are getting more points.

Patchstack Alliance - seasonal challenge - find bugs in themes and page builders

Higher bounties

With this season, we have increased the monthly bounty pool from 1900 USD to 2425 USD. It means the main pool is now 2025 USD, and there are 400 USD reserved for the special bounties (see the rules for more information about them).

We are also increasing the bounties for the top 10 researchers:

  • The first-place winner will get 650 USD
  • Second place 350 USD
  • Third place 250 USD
  • Fourth to tenth places will be awarded 75 USD bounties.
  • Eleventh to the fifteenth position will earn 50 USD.

Get rewarded by the public

Patchstack database is powering security scans for nearly 5 million WordPress sites already. If a user gets alerted by a vulnerability you found, we want to give them an opportunity to say thanks to you as well (so look for vulnerabilities in plugins that have high installation counts).

We are introducing the personal BuyMeACoffee buttons that will be visible on the following:

  • On your Alliance member profile page.
  • On the report pages that we are sending to the vendors to let them know about the vulnerability you have found.
  • On the database entries with the vulnerabilities, you have reported to the Alliance.
BuyMeACoffee button preview

This will give vendors and the community a clear way to thank you for your research. Just remember to create an account on BuyMeACoffee and provide us with your link so we can assign it to your Alliance profile.

More gamification

Oh, and that’s not the end. We want to spice up your competition. You will be able to see your positions on the leaderboard, but the scores will be hidden until the end of the month. So you will play with “hidden cards,” making it harder to understand how many points separate you from the other researcher above in the leaderboard.

Just keep an eye on the leaderboard, because you’ll never know when someone might take over your position!

Join the Alliance

Patchstack Alliance is a community of ethical hackers who contribute into making the entire web more secure. It’s a great place to learn new skills, make friends and create a portfolio of your security research.

If you’re a security researcher, you can join our Patchstack Alliance program here to report vulnerabilities and earn rewards. You can also join our Discord channel.

The latest in Patchstack Alliance

Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.