Patchstack Red Team is a community of independent security researchers who contribute to building a safer web.
May prize pool increased to $1300 USD
Security researchers who report vulnerabilities to the Patchstack database are being paid for their findings.
Patchstack, with the help of supporters, has put together a monthly prize pool that has been increasing month over month. For example, the total prize pool paid out for April findings was $1100 USD.
In May 2021 the prize pool increased to $1300 USD with the help of the following supporters:
If you wish to contribute to the initiative to help us build a security community behind WordPress – then reach out here!
156 vulnerabilities found in April by Patchstack Red Team
The Patchstack Red Team community is growing as new members join. The number of vulnerability reports has doubled since March. While many of these vulnerabilities are disclosed in the Patchstack database, a large number of them have yet to be patched by the developers.
Here are some statistics from the vulnerabilities reported in April.
Reported vulnerability types:
- XSS – 106
- CSRF – 16
- SQLi – 15
- RCE – 9
- Other – 10
The most popular plugin had 5+ million installs and the smallest had 370 active installs (not only big projects are being audited). There were six plugins with more than 1 million active installs, with a total of 9 vulnerabilities discovered in them.
Top 5 Patchstack Red Team members:
Patchstack Red Team community is growing
Over the past months, Patchstack Red Team members have been hand-picked. Due to the large number of applications from security researchers who want to get involved, we have now opened it up to the public.
If you wish to make the WordPress ecosystem more secure, contribute your skills, get exposure as a researcher and get a share of that prize pool – here’s how to apply!