Find a security vulnerability in WordPress, report it and earn the big bucks! WordPress now allows security researchers to report security holes via the HackerOne platform.
Any reproducible vulnerability that affects the security of our users is likely to be in scope for the program. Common examples include:
– Cross Site Scripting (XSS)
– Cross Site Request Forgery (CSRF)
– Server Side Request Forgery (SSRF)
– Remote Code Execution (RCE)
– SQL Injection (SQLi)
Source: _ WordPress: Bug Bounty Program _