Bounty Leaderboard API Enable Protection

Developer

MainWP

Current version

4.4.1.1

Installations

600 000

Last updated

2 weeks ago

Vulnerability disclosure program

04.05.2023

This is the official vulnerability disclosure program for MainWP Child. If you're a security researcher and believe that you have found a security vulnerability within our software, please send us details through the "report" form on this page. Please include as detailed information as possible, so we could verify the issue and get back to you as soon as possible with either additional questions or with a potential fix. All valid security vulnerabilities will receive a CVE and may also earn you rewards from Patchstack Alliance bug bounty program.

Qualifying vulnerabilities

SQL Injection

Cross Site Scripting (XSS)

Remote/Local File Inclusion

Cross-Site Request Forgery (CSRF)

Open Redirection

Bypass Vulnerability

Broken Access Control

Privilege Escalation

Arbitrary File Read/Download/Upload/Deletion

Sensitive Data Exposure

Arbitrary/Remote Code Execution

Server Side Request Forgery (SSRF)

Denial of Service

PHP Object Injection

Deserialization of untrusted data

Insecure Direct Object References (IDOR)

CSV Injection

Broken Authentication

Path Traversal

Race Condition

Non-qualifying vulnerabilities

Cross-Site Request Forgery (CSRF) on read-only actions

Pre-requisite of another vulnerability

Pre-requisite of specific or unusual conditions

Vulnerabilities that requires exotic server configurations or outdated server software

Missing encryption/hashing on potential sensitive information

Spoofing of data (User Agent, IP address, etc.) with no serious security impact

No bounties by the vendor

Currently none
-

Report and compete for monthly rewards

To leaderboard

Members of the Patchstack Alliance bug bounty program are ellegible for monthly cash rewards.

Top contributor $650
2nd contributor $350
3rd contributor $250
Monthly contributors ranking 4th to 10th receive
$75
Monthly contributors ranking 11th to 15th receive
$50
One lucky researcher receives*
$50

Additional bounties can be paid out to Patchstack Alliance members for findings that are beneficial to the community, particularly interesting or hard to find. Please read our full guidelines and terms before reporting.

Additional rewards by Patchstack

Vulnerability with the highest installation count* $100
Vulnerability that affects most (more than one) plugins* $100
Vulnerability with the highest CVSS (3.1) severity* $100
Additional bounties for achievements that are beneficial to the community or particularly interesting* $100

Eligibility and responsibility

We would like to thank everyone who submits valid reports that help us improve the security of MainWP Child. However, only those that meet the following eligibility requirements may receive a monetary reward for vulnerabilities found in the MainWP Child source code.

You must be the first reporter of a vulnerability

It must be a real and measurable vulnerability (CVSS 3.1 base score not lower than 2.6 points)

There must be impact on at least one of three CIA parameters (Confidentiality, Integrity, or Availability) via network attack vector

It doesn't require chaining with other vulnerabilities

Any vulnerability found must be reported no later than 24 hours after discovery and exclusively through patchstack.com

Once reported, the vulnerability information should not be shared with other parties until disclosure

Reports are examined by our security analysts - our analysis is always based on worst case exploitation & the business criticality of the vulnerability, as is the reward we pay

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more
Back to MainWP Child Logo MainWP Child 3

Plugin developer? Start a Managed Vulnerability Disclosure Program.

Free for all
To plugin page

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close