🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program
Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!
Review what's in scope for your tier and updated bounties with bonuses here!
I, the "Researcher," am submitting to Company the Wordfence Vulnerability Submission Form (the "Submission"). Defiant, Inc., a Delaware corporation, and its officers, directors, employees, agents, licensees, independent contractors, successors, and assigns are referred to herein collectively as "Company."
I am executing and agree to be bound by these Submission Release ("Agreement") in consideration of Company's receipt of the Submission for possible review and Validation in Company's sole discretion/review.
Submissions. I understand and acknowledge that:
Validation and Reward Payment.
Acceptance, Responsible Disclosure, and Publication.
License Grant. Upon Reward Payment, I hereby grant to Company and Company's affiliates and assigns an exclusive, unrestricted, royalty-free, perpetual, irrevocable, freely transferable, and freely sublicensable license to use, reproduce, modify, prepare derivative works of, distribute, copy, perform, and display the Submission, in any form, for any purpose in accordance with the terms and conditions of this Agreement.
Company Obligation. I acknowledge that the only obligation Company undertakes hereunder is to receive the Submission for possible review and to review the Submission if and to the extent Company deems appropriate in its sole discretion. Prior to a Submission being published, Company will not submit any Vulnerability information provided by you to another bug bounty or vulnerability disclosure program. No other obligation or duty of any kind is assumed by or may be implied against Company. Company may, but is not obligated to, return the Submission to me. I have retained a copy of the Submission. Company shall not be liable in any way for any loss of the Submission, irrespective of whether it is lost, misplaced, stolen, or destroyed in transit or while in Company's possession or otherwise.
Researcher Indemnification. Except as this Agreement otherwise provides, I hereby irrevocably and unconditionally release and discharge Company from liability under any and all claims, demands, actions, suits, damages, and expenses of every kind whatsoever, known or unknown in any jurisdiction throughout the world (collectively, "Claims"), that may arise directly or indirectly in relation to the Submission or by reason of any claims now or hereafter made by me that Company has used or appropriated the Submission, except for fraud or willful misconduct on Company's part. I shall indemnify Company from and against all Claims arising in connection with my breach or alleged breach of this Agreement.
Researcher Warranty. I represent and warrant that:
General Terms.
Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!
Learn moreWant to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.
The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.
Documentation