We are beyond excited to celebrate the winter holidays and the launch of the Patchstack Alliance Discord community with a special bug hunting event taking place throughout December 2022.
In December, we released a public leaderboard and profiles for the top security researchers who contribute to making WordPress and the open-source web more secure.
You can see the November winners and profiles here: https://patchstack.com/database/leaderboard?monthly=2
Each Monday, we’ll announce the scope for the weekly bug hunting focus. With 4 weeks of challenges and monthly prizes on top, we pay out $4300 in cash rewards!
Each week has a special vulnerability that needs to be hunted in any publicly available WordPress themes, plugins or even in the core itself.
The top 3 researchers with the most points from each week will get cash rewards (1st place - $300, 2nd - $200, and 3rd - $100). All points will also be used for the monthly Patchstack Alliance competition, with an additional $1900 prize-pool.
1st place ($300 bounty) - Lana Codes reported 58x vulnerabilities (349.4 points)
2nd place ($200 bounty) - Muhammad Daffa reported 9x vulnerabilities (129 points)
3rd place ($100 bounty) - Cat reported 25x vulnerabilities (125.3 points)
1st place ($300 bounty) - minhtuanact reported 8x vulnerabilities (50.4 points)
2nd place ($200 bounty) - pilvar reported 1x vulnerability (31.5 points)
3rd place ($100 bounty) - Muhammad Daffa reported 2x vulnerabilities (21.5 points)
1st place ($300 bounty) - Le Ngoc Anh reported 2x vulnerabilities (16.8 points)
2nd place ($200 bounty) - minhtuanact reported 10x vulnerabilities (14.6 points)
3rd place ($100 bounty) - Lucio Sá reported 1x vulnerability (7.5 points)
1st place ($300 bounty) - minhtuanact reported 1x vulnerability (9 points)
2nd place ($200 bounty) - Le Ngoc Anh reported 1x vulnerability (8.5 points)
3rd place ($100 bounty) - none
More details on the Patchstack Alliance Discord
Patchstack is an official CNA authorised by MITRE to assign CVE IDs to vulnerabilities reported through the Patchstack Alliance bug bounty program. We make sure the reports get to the developers and that all ethical hackers get credit for their research and contribution.
Patchstack Alliance is a community of ethical hackers who contribute to making the entire web more secure. It’s a great place to learn new skills, make friends and create a portfolio of your security research.
For more information & rules, join our Discord server here: https://patchstack.com/alliance/