23/11/2017

In Scope

  • https://github.com/johnbillion/wp-crontrol
  • https://github.com/johnbillion/query-monitor
  • https://github.com/johnbillion/user-switching
  • https://github.com/johnbillion/global-post-password

JohnBlackbourn

I maintain a number of popular open source WordPress plugins which deal with user authentication and sensitive information. I believe that the more eyes that software sees, the more secure it can be. If you believe you've found a security issue in one of the plugins listed below, I encourage you to notify me via HackerOne. I welcome working with you to resolve the issue promptly.

Targets

Qualifying Vulnerabilities

Any reproducible vulnerability that affects the security of users or their data is likely to be in scope. Common examples include:

  • Cross Site Scripting.
  • Cross Site Request Forgery.
  • Server Side Request Forgery.
  • Remote Code Execution.
  • SQL Injection.
  • Privilege Escalation.
  • Unintended Information Disclosure.

Invalid Targets or Bugs

  • XSS when the user is logged in as an Administrator or Editor - More info here.
  • Code execution by users who have the edit_files capability.
  • Security bugs in WordPress itself - report these to the WordPress project on HackerOne instead.
  • Path disclosure, directory listing, and version number disclosure.
  • Output from automated scans - please manually verify issues and include a valid proof of concept.

If in doubt, please go ahead and open a report.

Disclosure Policy

  • Let me know as soon as possible upon discovery of a potential security issue, and I'll make every effort to quickly resolve the issue.
  • Provide me a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of services that use my code.

Rewards

I'm not currently offering financial rewards as my software is free and open source. This may change in the future.


This is a personal HackerOne program and is not associated with WordPress or the WordPress HackerOne program.

FireBounty © 2015-2019
