The holidays are here, and so is your chance to earn big while helping secure the WordPress ecosystem! For all submissions to our Bug Bounty Program from November 12, 2024, to December 9, 2024 , we’re rolling out our End of Year Holiday Extravaganza promotion to give back to our security researchers and help clean up the WordPress ecosystem. This exciting event is packed with expanded scope , higher submission limits , and bigger bonuses —all aimed at ending the year with a bang while also educating up and coming developers on security best practices. During the last promotion, we received nearly 700 vulnerability submissions and awarded over $40,000 in bounties. This time, we aim to take the promotion to the next level with a goal to receive over 1,000 submissions and award more than $100,000 in bounties—creating a truly exciting opportunity for our researchers! Key Highlights of the End of Year Holiday Extravaganza Promotion Dates : November 12, 2024 – December 9, 2024 Expanded Scope : All plugins and themes with >= 1,000 active installs are in-scope for all researchers AND plugins and themes hosted on WordPress.org with 50–999 active installations , updated within the last 2 years, are now in scope for all researchers. Automatic Bonuses ranging from 5%–180% , based on active installs and researcher tier. Minimum Bounty : $5 for any in-scope vulnerability reported during the promotion period. Increased Pending Report Limits for all researcher levels. Superhero Challenge…Read More
