WP Cerber Bug Bounty Program
Our customers trust us to protect their websites, and we are deeply committed to maintaining a secure and trustworthy approach to website protection. We take this trust and our reputation very seriously. That is why our priority is to develop secure software solutions and that is why have launched the WP Cerber bug bounty program.
Main principles of the program
WP Cerber bug bounty program applies to privately disclosed vulnerabilities only. We do not reward publicly disclosed vulnerabilities.
We do not reward vulnerabilities reported via a third party. Which means the only way to get a bounty is to report a vulnerability directly to us by using the form below.
We accept a vulnerability report with a proof we can reproduce. The report must include the description of all steps to reproduce the security issue. Feel free to use screenshots, video, text files.
Qualifying vulnerabilities
Any design or implementation flaw that substantially affects the security or integrity of an end-user website is likely to be in scope for the program. Common examples include:
- Cross-site scripting,
- Cross-site request forgery,
- Privilege escalation,
- Unauthorized access,
- Bypassing configured access restrictions,
- Bypassing IP Access Lists restrictions,
- Authentication or authorization flaws.
Reward amounts for security vulnerabilities
The exact reward amount depends on various factors, such as the nature and impact of the vulnerability, the risk it poses, and its exploitability.
For a critical vulnerability that meets all the requirements listed on this page, you can receive up to $1000. However, the final amount is always at our discretion, and we may choose to pay a higher reward for an unusually clever vulnerability or a lower reward for a vulnerability that requires unusual user interaction. If you are not interested in the monetary reward or cannot receive it, we offer free license keys for the professional version of WP Cerber.
Submitting your vulnerability report
Use this form to submit your report: Submit a vulnerability report
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.