There are many reasons to submit WordPress core, plugin vulnerabilities and theme vulnerabilities to the WPScan WordPress vulnerability database. We’ve listed just a few below!
1. Responsible Disclosure
Our team will help you with the vulnerability responsible disclosure process. Submit the vulnerability details to us and we will ensure that the vulnerability is handled properly. We will contact the plugin authors, report the issue, and ensure that the vulnerability is properly patched before releasing the details publicly. If we don’t get an answer from the developers, we will escalate the vulnerability to our contacts at WordPress, who will take further action.
2. Expert Help
Our team of WordPress security experts will help you unwind the technical details of the vulnerability and double check all of the details. Is the vulnerability an authenticated issue? Is it a false positive? Can it be exploited with DISALLOW_UNFILTERED_HTML constant enabled?
3. Get Your CVE!
WPScan is a WordPress CVE Numbering Authority (CNA), which means that we are allowed to assign CVE numbers to vulnerabilities directly. Our team assigns hundreds of CVE numbers to security researchers. At the time of writing, we are the third most active CNA globally. We are one of only two CNA’s in France. And we were the first ever WordPress specific CNA. Submit your vulnerability to us and start collecting CVEs!
4. Get Recognition
If you choose to include your name, pseudonym, website or Twitter handle, when you submit a WordPress vulnerability to us, we’ll include these details on the vulnerability page on wpscan.com and within our WPScan security scanner, which is used by security testers globally and included in Kali Linux.
5. Get Rewarded
Every month we give away prizes to a select number of security researchers selected at random. This can include Amazon gift vouchers, awesome WPScan swag, and even OSCP courses. Our rewards are increasing in frequency over time and are getting bigger all the time!
6. Help Secure The Web
Every vulnerability reported to us helps make the web a safer place. At the time of writing, WordPress runs on 42.4% of all websites. Every vulnerability patched has a direct impact on keeping the web a safer place and improving the WordPress eco-system.
So what are you waiting for? Get submitting! Happy Hacking! 🙂