Winners Of WordPress Bug Hunt 2021

Published 11 May 2022
Updated 24 July 2023
Oliver Sild
CEO at Patchstack
Table of Contents

In March 2021, we started a bug-hunting program where together with partners, we reward developers and ethical hackers who help us make the WordPress ecosystem more secure.

Since then, we have received more than 1000 security reports and paid out $17,450 USD as cash rewards. This is all possible thanks to our dear partners who you can see here:

We didn’t stop there! We also kicked off an annual WP BUG HUNT where anyone who reports security issues has the potential to win infosec licenses, merch, and more!

Prizes for the WordPress Bug Hunt 2021

The WordPress Bug Hunt 2021 was not only for Patchstack Alliance members but for the entire WordPress ecosystem, so anyone who wanted to contribute could join.

All you needed to do was to report at least one valid security vulnerability within a WordPress core, any theme, or any plugin which we can then help the developers fix.

Everyone who reported more than 3 valid vulnerabilities got an invitation to the Patchstack Alliance program where monthly cash payouts are guaranteed to active members.

WordPress Bug Hunt 2021

Winners of the WordPress Bug Hunt 2021 prizes are picked randomly from everyone who participated. The kickoff season had the following prizes:

The winners of WordPress Bug Hunt 2021

First of all, we’d like to thank all of our partners, community members, and supporters who have helped us with the program and who deeply care about WordPress and open-source security.

We’d like to bring out some of the biggest supporters such as Plesk, Pagely, Veebimajutus, GridPane, SecuPress, ShieldSecurity, and Themecloud. The entire WordPress ecosystem thanks you for your contribution!


1 x HAK5 Essentials Field Kit – Tien Nguyen Anh

1 x BurpSuite PRO annual license – Julio Potier (SecuPress)

1 x BurpSuite PRO annual license – Ahmed Ibrahim

1 x PentesterLab PRO annual license – Asif Nawaz Minhas

1 x PentesterLab PRO annual license – Philippe Dourassov

Patchstack hoodie – ptsfense

Patchstack hoodie – Jeong Won Jun

Patchstack hoodie – Lenon Leite

Patchstack water bottle – Rasi Afeef

Patchstack water bottle – Nguyen Van Khanh

Patchstack water bottle – Huli

Congratulations to everyone and thank you for participating! Patchstack will reach out to each and every one of you directly!

Patchstack Alliance becomes more open

We will announce the next season of WordPress Bug Hunt soon… but before that, we’ll make the entire Patchstack Alliance program more accessible to everyone.

Access to the community & monthly cash prizes is now available to anyone who reports at least 1 valid vulnerability.

Additionally to the guaranteed monthly cash prizes, we have introduced special bounties for:

  • Vulnerability with the highest installation count*
  • Vulnerability that affects most (more than one) plugins*
  • Vulnerability with the highest CVSS (3.1) severity*

More information about Patchstack Alliance and how to get involved can be found here:

If you care about WordPress and open-source security and would like to support the Patchstack Alliance program – please let us know!

The latest in Patchstack News

Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.