From now through September 22, 2025 , we’re running our SQLsplorer Challenge , focused on SQL Injection vulnerabilities. During this challenge, we’re expanding the scope of the Wordfence Bug Bounty Program to encourage deeper research into SQL Injection vulnerabilities and broader participation from researchers looking to get started, and we’re adding a 20% bounty bonus for all valid SQL Injection reports submitted during the challenge. Opportunities for Researchers of All Levels Last year’s XSSplorer Challenge was a great success, opening the door for many new researchers to get started with the Wordfence Bug Bounty Program. Since then, we’ve been eager to launch a new challenge with the same goal: providing new researchers a chance to sharpen their skills, while giving seasoned researchers an opportunity to earn even more. Expanded Scope: SQL Injection Across All Auth Levels During the SQLsplorer Challenge, all SQL Injection vulnerabilities are in-scope regardless of authentication level with a minimum active installation count of 25 installs. This scope expansion applies to all researchers, regardless of your current researcher tier. This means that all researchers, new and experienced, can submit SQL Injection vulnerabilities such as contributor-level, subscriber-level, unauthenticated, or author-level in all WordPress plugins and themes as long as it has 25 active installations, and earn a bounty per submission. The only exception: High-privileged authentication…Read More