This month’s format will differ slightly from previous months, here’s what we will have on top of our generic competition rules.
Reports for Components with Active VDP Programs
-
Vulnerabilities found in plugins with active mVDP programs earn a 100% AXP boost (instead of default 15-30%) - perfect to get lots of points and accelerate your Level Up! 🚀
-
Extra bounties to TOP 3 researchers for highest impact (based on total CVSS score × active installs of all reports):
- 1st Place +$500
- 2nd Place +$300
- 3rd Place +$200
Reports for Any WordPress Components
Extra bounties to TOP 3 researchers for Highest Active Install Count (requirements - CVSS 7.5+, subscriber or unauthenticated, at least 50K+ active installs):
- 1st Place +$300
- 2nd Place +$200
- 3rd Place +$100
Extra bounties to TOP 3 researchers for Highest CVSS Score (Minimum 10,000 active installs, subscriber/unauthenticated):
- 1st Place +$300
- 2nd Place +$200
- 3rd Place +$100
Extra Bounties of +$100 per unique vulnerability meeting all of the following:
- Minimum 10,000 active installs
- CVSS score 7.5+
- Subscriber or unauthenticated prereq.
- Scope:
- Security plugins
- Payment gateway plugins
- User or role management plugins
Reports for Zeroday Program
Single bounty of +$500 to researcher with Total Highest Impact (total CVSS score × active installs sum of all program eligible reports - at least 3x) 💵
One more thing
Single bounty of +$500 to researcher with Highest Count of Different Types of Vulnerabilities 🤑
Happy hunting.
