Start a free security program for your WordPress plugins
How does mVDP work?
Patch security issues before they become 0daysSee example report
Reporters follow responsible disclosure guidelines with a clear and ethical framework which saves valuable time to publish a fix and minimize harm.
Streamline reporting through a single trusted channel
Set custom disclosure rules and be part of CVE assigning
Our security experts filter reports and help validate fixes
Show the community that you take security seriously
Make your plugin more attractive and trustworthy by embedding or linking your unique Patchstack badge.
So how to get started?
Frequently asked questions
Yes, mVDP is free for all. When applying, make sure to mark when a plugin has both.
As many as you like.
Patchstack incentivizes researchers through a monthly bounty pool. Researchers receive extra Alliance XP for reporting vulnerabilities in software with a mVDP. Patchstack is also a registered CNA, allowing us to claim CVE records for the researchers findings. This is valuable proof they can use to show their expertise in security on profiles they can showcase to the security community and industry.
Setting up and running a mVDP is totally free however you may set custom bounties on your own terms.