Banner object (1)

Hack and Take the Cash !

751 bounties in database
Ian Dunn logo


Ian Dunn


Bounties are usually only paid for source code vulnerabilities in the assets listed in the In Scope section below. Low severity reports will often be closed as Informative, since they're not worth the time.

Top Targets

There are more targets listed in the In Scope section below.


Severity | Award
High | $100 - $400
Medium | $50
Low | $0 - $25

Severity is based on CVSS 3 __, but may be adjusted up or down at my discretion. For example, a vulnerability in a plugin with 10,000 active installations may be higher than a vulnerability in a plugin with 100 active installations.

To qualify, reports must include a PoC and have complete steps to reproduce. There must be practical and demonstrable security implications , not just a theoretical scenario, or a missing best practice.

Scope Exclusions / Common Invalid Reports

Invalid reports will be disclosed in order to help other researchers and programs learn from them.

Hall of Fame

List your Bug Bounty for free immediately!

Contact us if you want more information.

FireBounty (c) 2015-2019