COMPE – WooCommerce Compare Products

VillaTheme

Developer

1.1.3

Latest version

70

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability disclosure policy

This is the official vulnerability disclosure program for COMPE – WooCommerce Compare Products. If you're a security researcher and believe that you have found a security vulnerability within our software, please send us details through the "report" form on this page. Please include as detailed information as possible, so we could verify the issue and get back to you as soon as possible with either additional questions or with a potential fix. All valid security vulnerabilities will receive a CVE and may also earn you rewards from Patchstack Alliance bug bounty program.

Patchstack Zeroday payouts

See full terms

Patchstack pays a fixed bounty for high value vulnerabilities.

Report for monthly rewards

To leaderboard

Members of the Bug Bounty program receive XP for their reports and are eligible for monthly cash rewards.

$2,000Top ranking contributor

$1,400Contributor ranking 2nd

$800Contributor ranking 3rd

$600Contributor ranking 4th

$500Contributor ranking 5th

$400Contributor ranking 6th to 10th

$200Contributor ranking 11th to 15th

$100Contributor ranking 16th to 19th

$50Contributors ranking 20th

$50Random pick

$50Random pick outside TOP20

No active bounties by the developer

Eligibility and responsibility

We would like to thank everyone who submits valid reports that help us improve the security of COMPE – WooCommerce Compare Products. However, only those that meet the following eligibility requirements may receive a monetary reward for vulnerabilities found in the COMPE – WooCommerce Compare Products source code.

You must be the first reporter of a vulnerability.

The vulnerability must be a qualifying vulnerability (see below).

Any vulnerability found must be reported no later than 24 hours after discovery and exclusively through patchstack.com.

You must avoid tests that could cause degradation or interruption of our service (refrain from using automated tools, and limit your requests per second). If you over do it, your IP address might be throttled or even (temporarily) blocked to protect our infrastructure. See how.

Reports on vulnerabilities are examined by our security analysts - our analysis is always based on worst case exploitation & the business criticality of the vulnerability, as is the reward we pay.

Qualifying vulnerabilities

SQL Injection

Cross Site Scripting (XSS)

Remote/Local File Inclusion

Cross-Site Request Forgery (CSRF)

Open Redirection

Bypass Vulnerability

Broken Access Control

Privilege Escalation

Arbitrary File Read/Download/Upload/Deletion

Sensitive Data Exposure

Arbitrary/Remote Code Execution

Server Side Request Forgery (SSRF)

Denial of Service

PHP Object Injection

Deserialization of untrusted data

Insecure Direct Object References (IDOR)

CSV Injection

Broken Authentication

Path Traversal

Race Condition

Non-qualifying vulnerabilities

Cross-Site Request Forgery (CSRF) on read-only actions

Pre-requisite of another vulnerability

Pre-requisite of specific or unusual conditions

Vulnerabilities that requires exotic server configurations or outdated server software

Missing encryption/hashing on potential sensitive information

Spoofing of data (User Agent, IP address, etc.) with no serious security impact

Plugin developer? Start a Managed Vulnerability Disclosure Program.

Free for all