


Automattic runs __, Jetpack, VaultPress, Akismet, Gravatar, Cloudup, WooCommerce, and more. Find a complete list of projects on our website.

Please report vulnerabilities in the WordPress, BuddyPress, or bbPress open-source projects through the WordPress HackerOne page.

Eligibility and Responsible Disclosure

You are responsible for complying with all applicable laws and must only ever use or otherwise access your own test accounts when researching vulnerabilities in any of our products or services. Access to, or modification of, user data is explicitly prohibited without prior consent from the account owner.

Any public disclosure of issues prior to resolution may result in disqualification from the program. Individuals who we are legally prohibited from paying, such as those residing in a country on a U.S. sanctions list, are ineligible for rewards.


Automattic may, at its own discretion, provide a bounty for qualifying vulnerabilities. Bounties will be awarded to the first reporter of a vulnerability only. Amounts may vary depending upon the severity of the issue and quality of the report.

Qualifying Vulnerabilities

Any reproducible vulnerability that affects the security of our users is likely to be in scope for the program. Common examples include:

  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)
  • Server Side Request Forgery (SSRF)
  • Remote Code Execution (RCE)
  • SQL Injection (SQLi)

We are generally not interested in DoS vulnerabilities that are perceived because of a lack of rate limiting or CAPTCHA. As a web-scale service, our threshold for rate limiting is higher than you would probably expect. Of course, if you think you have found an exception to this rule, please let us know.

Fine Print

You are expected to comply with all applicable laws in connection with your participation in this program and you are responsible for the payment of any taxes associated with rewards received.

Hall of Fame


FireBounty (c) 2015-2019