Each month we give out rewards and recognition to our community of security researchers and ethical hackers for their contributions to finding WordPress vulnerabilities.
Below you’ll find the leaderboard and winners of July’s bug hunt.
July 2022 summary
Our researchers caught some seriously big fish in July – one reported vulnerability was found in a plugin with more than 3 million active installs. The average active installation count per reported vulnerability was 141,903.
This goes to show that bugs happen to the best of us – but as long as we take them seriously we can learn from our mistakes and become better developers.
The highest CVSS score reported was 9.1, which indicates critical severity. The plugin that contained that particular bug had 600,000+ active installs.
Besides the main prizes for the Alliance points each month, we have special bounties for vulnerabilities with the highest active install count and highest CVSS severity base score. This month once again Yeraisci managed to nab both prizes!
Leaderboard and winners
Without further ado, here are July’s top bug hunters:
Thanks to all researchers who submitted vulnerability reports last month!
If you want to compete in the bug hunt and contribute to making WordPress safer, you can join the Patchstack Alliance here.
What is Patchstack Alliance?
Patchstack Alliance is a community of ethical hackers and researchers who support the open web by finding and reporting vulnerabilities in WordPress plugins and themes.
All valid vulnerabilities are also publicly available in our vulnerability database.