Start a free security program for your WordPress plugins

Streamline security bug reporting with Patchstack’s managed Vulnerability Disclosure Program (mVDP).
Patchstack is the official security partner for 300+ plugins.

How does mVDP work?

1. A researcher finds and reports a vulnerability in your software.
2. We validate the report, reward the researcher and forward it to you.
3. You, the vendor, address the issue and provide a security update to users.
4. We validate the security fix and do responsible disclosure.

Patch security issues before they become 0days

Reporters follow responsible disclosure guidelines with a clear and ethical framework, which saves valuable time when publishing a fix and minimizes harm.

Streamline reporting through a single trusted channel

Never miss a security report because of spam filters or broken contact forms.

Set custom disclosure rules and be part of CVE assigning

Need more time to review your code before public disclosure? Not a problem.

Our security experts filter reports and help validate fixes

Receive assistance from the Patchstack team and the reporting researcher to patch security vulnerabilities and minimize harmful outcomes.

Show the community that you take security seriously

Make your plugin more attractive and trustworthy by embedding or linking your unique Patchstack badge.

So how to get started?

1. Provide us with your software and contact details via the Typeform below.
2. Patchstack creates a disclosure program page preview for your project(s).
3. Link the mVDP in your plugin's readme.txt so researchers know where to report.
4. Forward us the git/repo readme to verify and publish the mVDP.

What the FAQ?

Setting up and running a mVDP is totally free; however, you may set custom bounties on your own terms.

Yes, mVDP is free for all. When applying, make sure to mark when a plugin has both.

As many as you like.

Patchstack incentivizes researchers through a monthly bounty pool. Researchers receive extra Alliance XP for reporting vulnerabilities in software with a mVDP. Patchstack is also a registered CNA, allowing us to claim CVE records for the researchers' findings. This is valuable proof of their security expertise that they can showcase on their profiles to the security community and industry.

Submit your software and contact details to get started.

Request a security audit instead