From now through October 7th, 2024, we are expanding the scope of our Bug Bounty Program to include all Cross-Site Scripting (XSS) vulnerabilities—both Reflected and Stored—in any WordPress plugin or theme with at least 1,000 active installations for all researchers. This temporary scope expansion applies to all researchers, regardless of their current tier, providing an opportunity for everyone to explore well over 12,000 software targets for XSS vulnerabilities. We’re calling this the WordPress XSSplorer Challenge, an initiative designed to encourage researchers at all levels to explore the WordPress ecosystem and uncover as many XSS vulnerabilities as possible. An Opportunity for Researchers of All Levels Recognizing that our bug bounty program can be challenging for those new to the WordPress Bug Bounty space due to minimum install count requirements, we’re providing an inclusive opportunity for everyone – whether you’re just starting out or already a seasoned researcher – to explore one of the most common vulnerabilities in WordPress. Cross-Site Scripting (XSS) vulnerabilities are frequently introduced and widely found, making this challenge an excellent entry point for new researchers and a rewarding focus for experienced ones. We’re anticipating an unprecedented level of participation and expect to see record numbers of vulnerabilities identified and remediated. Your contributions will directly enhance the security of millions of WordPress users worldwide….Read More