WordPress Security
Posted By Gregory

WP Cerber Bug Bounty Program

Our customers trust us to protect their websites, and we are deeply committed to maintaining a secure and trustworthy approach to website protection. We take this trust and our reputation very seriously. That is why our priority is to develop secure software solutions, and that is why we have launched the WP Cerber bug bounty program.

Main principles of the program

The WP Cerber bug bounty program applies to privately disclosed vulnerabilities only. We do not reward publicly disclosed vulnerabilities.

We do not reward vulnerabilities reported via a third party. This means the only way to get a bounty is to report a vulnerability directly to us by using the form below.

We accept a vulnerability report with a proof we can reproduce. The report must include a description of all steps needed to reproduce the security issue. Feel free to use screenshots, video, or text files.

Qualifying vulnerabilities

Any design or implementation flaw that substantially affects the security or integrity of an end-user website is likely to be in scope for the program. Common examples include:

  • Cross-site scripting,
  • Cross-site request forgery,
  • Privilege escalation,
  • Unauthorized access,
  • Bypassing configured access restrictions,
  • Bypassing IP Access Lists restrictions,
  • Authentication or authorization flaws.

Reward amounts for security vulnerabilities

The exact reward amount depends on various factors, such as the nature and impact of the vulnerability, the risk it poses, and its exploitability.

For a critical vulnerability that meets all the requirements listed on this page, you can receive up to $1000. However, the final amount is always at our discretion, and we may choose to pay a higher reward for an unusually clever vulnerability or a lower reward for a vulnerability that requires unusual user interaction. If you are not interested in the monetary reward or cannot receive it, we offer free license keys for the professional version of WP Cerber.

Submitting your vulnerability report

Use this form to submit your report: Submit a vulnerability report

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave it in the comments section below or get it answered on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.

I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.
