Get Spooked By Huge Scope and Rewards in the Wordfence Bug Bounty Cybersecurity Month Spooktacular Haunt!

Calling all vulnerability researchers! Get ready to immerse yourselves in the world of WordPress security with the Wordfence Cybersecurity Month Spooktacular Haunt, running from now through November 11th, 2024!

What’s Happening During This Cybersecurity Month Spooktacular Haunt?

In celebration of Cybersecurity Awareness Month and the ‘Secure Our World’ theme for this year, we’re brewing up some extra-exciting opportunities to propel our mission to Secure the Web. The Cybersecurity Month Spooktacular Haunt gives researchers the chance to earn spooktacularly good rewards while fortifying the WordPress ecosystem’s defenses against vulnerabilities.

Check out these haunting highlights:

Increased Scope for Researchers: The fog has lifted, and a broader range of targets awaits! Standard Researchers and Resourceful Researchers can now submit vulnerabilities in plugins and themes with 1,000 or more active installations to earn a bounty, a significant expansion from the previous active install count minimums of 50,000 and 15,000, respectively.

Increased Pending Report Limits for all Researchers: The number of pending reports each researcher can have is expanding so everyone can maximize their returns during the promotion.

Standard Researchers: Your pending report limit has been increased to 30, six times the standard limit.
Resourceful Researchers: Your pending report limit has been increased to 45, triple the standard limit.
1337 Researchers: Your pending report limit has been increased to 60, double the standard limit.

Resourceful Researchers and 1337 Researchers will earn an automatic 10% – 120% bonus on all submissions in software up to 5,000,000 Active Installs

Resourceful Researchers will earn an automatic bonus of 10% to 60% on all accepted submissions (excluding 5,000,000+ active installations, which are still part of the WordPress Superhero Challenge). This bonus scales with the active installation count of the targeted software.
1337 Researchers will earn an automatic bonus of 20% to 120% on all accepted submissions (excluding 5,000,000+ active installations, which are still part of the WordPress Superhero Challenge). Again, this bonus scales with the active installation count of the chosen software. Please note: this will replace the standard 5% bonus on those submissions for this tier.

The Superhero Challenge has also been extended through November 11, 2024. This means you can earn up to $31,200 for high impact finds in plugins and themes with >= 5,000,000 Active Installations.

For a detailed breakdown of the bonus structure and what’s in scope, refer to our bonus chart here:

 

All bonuses have been factored into the bounty estimator, so the best place to get an idea of how much you can earn for any given vulnerability is the bounty estimator located here: https://www.wordfence.com/threat-intel/bug-bounty-program/#rewards

Wordfence’s Commitment to WordPress Security

Wordfence remains committed to advancing WordPress security research. Since the launch of our Bug Bounty Program in November 2023, we have awarded nearly $350,000 in bounties. We ensure that vulnerabilities are confidentially disclosed to vendors, who we work with to patch and release updates before any findings are made public.

We then share prominent vulnerabilities on our blog to help other security vendors improve their products and to raise awareness within the community about the importance of keeping software up to date.

In addition to our bug bounty program, Wordfence offers a free, comprehensive vulnerability database accessible through a web interface, webhook integration, and API. While some vendors treat vulnerabilities as proprietary, we believe they should be considered public information, and we do not charge for access to our database. Our commitment to timely and responsible disclosure further underscores our mission to secure the Web.

Join the Hunt and Help Us Secure WordPress!

Join us for the Cybersecurity Month Spooktacular Haunt, and let’s make the WordPress world a safer place!

Ready to begin your quest?

Explore our website for the full program details.
If you’re ready to join our ranks, sign up to become a researcher!
Submit your vulnerability reports through our portal and prepare for a rewarding experience.
Join our Discord to chat with other researchers and the Wordfence Threat Intelligence Team.

Don’t miss this fantastic opportunity to contribute to WordPress security and earn some incredible rewards along the way!

Happy haunting!
