Security programs Bounty leaderboard API Protect
Pixel Manager for WooCommerce Logo

Pixel Manager for WooCommerce

Plugin

Developer

SweetCode

Current version

1.34.0

Installations

50,000

Last updated

1 month ago

Vulnerability disclosure program

22 December, 2022

This is the official vulnerability disclosure program for Pixel Manager for WooCommerce. If you're a security researcher and believe that you have found a security vulnerability within our software, please send us details through the "report" button linked at the top of this page. Please include as detailed information as possible, so we could verify the issue and get back to you as soon as possible with either additional questions or with a potential fix. All valid security vulnerabilities will receive a CVE and may also earn you rewards from Patchstack Alliance bug bounty program.

Plugin developer? Start a Managed Vulnerability Disclosure Program.

Free for all

Qualifying vulnerabilities

SQL Injection

Cross Site Scripting (XSS)

Remote/Local File Inclusion

Cross-Site Request Forgery (CSRF)

Open Redirection

Bypass Vulnerability

Broken Access Control

Privilege Escalation

Arbitrary File Read/Download/Upload/Deletion

Sensitive Data Exposure

Arbitrary/Remote Code Execution

Server Side Request Forgery (SSRF)

Denial of Service

PHP Object Injection

Deserialization of untrusted data

Insecure Direct Object References (IDOR)

CSV Injection

Broken Authentication

Path Traversal

Race Condition

Personal Identifiable Information (PII) leak

Non-qualifying vulnerabilities

Cross-Site Request Forgery (CSRF) on read-only actions

Pre-requisite of another vulnerability

Pre-requisite of specific or unusual conditions

Vulnerabilities that requires exotic server configurations or outdated server software

Missing encryption/hashing on potential sensitive information

Spoofing of data (User Agent, IP address, etc.) with no serious security impact

No bounties by the vendor

Currently none
-

Report and compete for monthly rewards

To leaderboard

Members of the Patchstack Alliance bug bounty program are ellegible for monthly cash rewards.

Top contributor $650
2nd contributor $350
3rd contributor $250
Monthly contributors ranking 4th to 10th receive
$75
Monthly contributors ranking 11th to 15th receive
$50
One lucky researcher receives*
$50

Additional bounties can be paid out to Patchstack Alliance members for findings that are beneficial to the community, particularly interesting or hard to find. Please read our full guidelines and terms before reporting.

Additional rewards by Patchstack

Vulnerability with the highest installation count* $100
Vulnerability that affects most (more than one) plugins* $100
Vulnerability with the highest CVSS (3.1) severity* $100
Additional bounties for achievements that are beneficial to the community or particularly interesting* $100

Eligibility and responsibility

We would like to thank everyone who submits valid reports that help us improve the security of Pixel Manager for WooCommerce. However, only those that meet the following eligibility requirements may receive a monetary reward for vulnerabilities found in the Pixel Manager for WooCommerce source code.

You must be the first reporter of a vulnerability

It must be a real and measurable vulnerability (CVSS 3.1 base score not lower than 2.6 points)

There must be impact on at least one of three CIA parameters (Confidentiality, Integrity, or Availability) via network attack vector

It doesn't require chaining with other vulnerabilities

Any vulnerability found must be reported no later than 24 hours after discovery and exclusively through patchstack.com

Once reported, the vulnerability information should not be shared with other parties until disclosure

Reports are examined by our security analysts - our analysis is always based on worst case exploitation & the business criticality of the vulnerability, as is the reward we pay

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

Known vulnerabilities

0 present
3 patched
View on database
All active programs All active programs

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close