In March 2021, we started a bug-hunting program where together with partners, we reward developers and ethical hackers who help us make the WordPress ecosystem more secure.
Since then, we have received more than 1000 security reports and paid out $17,450 USD as cash rewards. This is all possible thanks to our dear partners who you can see here: https://patchstack.com/bug-bounty/
We didn’t stop there! We also kicked off an annual WP BUG HUNT where anyone who reports security issues has the potential to win infosec licenses, merch, and more!
Prizes for the WordPress Bug Hunt 2021
The WordPress Bug Hunt 2021 was not only for Patchstack Alliance members but for the entire WordPress ecosystem, so anyone who wanted to contribute could join.
All you needed to do was to report at least one valid security vulnerability within a WordPress core, any theme, or any plugin which we can then help the developers fix.
Everyone who reported more than 3 valid vulnerabilities got an invitation to the Patchstack Alliance program where monthly cash payouts are guaranteed to active members.
Winners of the WordPress Bug Hunt 2021 prizes are picked randomly from everyone who participated. The kickoff season had the following prizes:
- 1 x HAK5 Essentials Field Kit
- 2 x BurpSuite PRO annual license
- 2 x PentesterLab PRO annual license
- 3 x Patchstack hoodie
- 3 x Patchstack water bottle
The winners of WordPress Bug Hunt 2021
First of all, we’d like to thank all of our partners, community members, and supporters who have helped us with the program and who deeply care about WordPress and open-source security.
We’d like to bring out some of the biggest supporters such as Plesk, Pagely, Veebimajutus, GridPane, SecuPress, ShieldSecurity, and Themecloud. The entire WordPress ecosystem thanks you for your contribution!
1 x HAK5 Essentials Field Kit - Tien Nguyen Anh
1 x BurpSuite PRO annual license - Julio Potier (SecuPress)
1 x BurpSuite PRO annual license - Ahmed Ibrahim
1 x PentesterLab PRO annual license - Asif Nawaz Minhas
1 x PentesterLab PRO annual license - Philippe Dourassov
Patchstack hoodie - ptsfense
Patchstack hoodie - Jeong Won Jun
Patchstack hoodie - Lenon Leite
Patchstack water bottle - Rasi Afeef
Patchstack water bottle - Nguyen Van Khanh
Patchstack water bottle - Huli
Congratulations to everyone and thank you for participating! Patchstack will reach out to each and every one of you directly!
Patchstack Alliance becomes more open
We will announce the next season of WordPress Bug Hunt soon... but before that, we’ll make the entire Patchstack Alliance program more accessible to everyone.
Access to the community & monthly cash prizes is now available to anyone who reports at least 1 valid vulnerability.
Additionally to the guaranteed monthly cash prizes, we have introduced special bounties for:
- Vulnerability with the highest installation count*
- Vulnerability that affects most (more than one) plugins*
- Vulnerability with the highest CVSS (3.1) severity*
More information about Patchstack Alliance and how to get involved can be found here: https://patchstack.com/bug-bounty/
If you care about WordPress and open-source security and would like to support the Patchstack Alliance program - please let us know!