Patchstack Alliance July Winners & Leaderboard

Published 15 August 2022
Updated 28 November 2024
Table of Contents

Each month we give out rewards and recognition to our community of security researchers and ethical hackers for their contributions to finding WordPress vulnerabilities.

Below you’ll find the leaderboard and winners of July’s bug hunt.

July 2022 summary

Our researchers caught some seriously big fish in July – one reported vulnerability was found in a plugin with more than 3 million active installs. The average active installation count per reported vulnerability was 141,903.

This goes to show that bugs happen to the best of us – but as long as we take them seriously we can learn from our mistakes and become better developers.

The highest CVSS score reported was 9.1, which indicates critical severity. The plugin that contained that particular bug had 600,000+ active installs.

Besides the main prizes for the Alliance points each month, we have special bounties for vulnerabilities with the highest active install count and highest CVSS severity base score. This month once again Yeraisci managed to nab both prizes!

Leaderboard and winners

Without further ado, here are July’s top bug hunters:

*BONUS prizes – 100 USD for highest CVSS score, 100 USD for highest install count in THE vulnerable plugin

Thanks to all researchers who submitted vulnerability reports last month!

If you want to compete in the bug hunt and contribute to making WordPress safer, you can join the Patchstack Alliance here.

What is Patchstack Alliance?

Patchstack Alliance is a community of ethical hackers and researchers who support the open web by finding and reporting vulnerabilities in WordPress plugins and themes.

All valid vulnerabilities are also publicly available in our vulnerability database.

The latest in Bug bounty

Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.
crossmenu