Patchstack is always looking for new ways to make the WordPress ecosystem safer by organizing various events for ethical hackers and security researchers. Our experiments sometimes lead to unexpected results. Also, these events sometimes uncover issues that were overlooked before. Our latest experiment took place in October. We announced a special event for our Bug […]
We’re excited to announce the official launch of Patchstack Academy – your go-to platform for learning about ethical hacking and securing your code Why Patchstack Academy? When searching for WordPress security online, most results focus on securing websites or recommending plugins (like Patchstack!). However, resources for aspiring ethical hackers and developers seeking to enhance […]
The WordPress Bug Bounty program by Patchstack is something that we are proud of. We were the pioneers and icebreakers who revolutionized the WordPress ecosystem by starting the first public Bug Bounty program, which included all WordPress plugins/themes and even core in its scope. We were the first ones to offer bounties for vulnerabilities discovered […]
Patchstack has been pioneering the WordPress bug bounty hunting scene for many years now. 6 years ago, we came up with an idea on how to make open-source bug bounty hunting cover even the smallest projects (regardless of whether they make money or not). This project was later renamed to Patchstack Red Team and then […]
This year was legendary for the Patchstack Alliance bounty program project, and to finish this year on the highest note, we decided to make four additional weekly events for December. Some of you remember when we did that last year, and it was a mind-blowing competition that echoed for several months after. So let’s do […]
For the last two years, the results of the Patchstack open-source bounty program have been growing fast. In January alone, we’ve received 418 valid vulnerability reports. We crossed the mark of 1K valid vulnerability reports this year at the beginning of April and then added over 1000 vulnerabilities in July alone, so you can imagine […]
Behold, a new Patchstack Alliance season is here! We thought you might get bored without new challenges, so we prepared an exciting season. The season starts tomorrow, April 1st (it’s not a joke), and ends on June 30th. You’ll have three months of fun. Let’s start with the things we will hunt for this season […]
We are beyond excited to celebrate the winter holidays and the launch of the Patchstack Alliance Discord community with a special WordPress bug-hunting event taking place throughout December 2022. In December, we released a public leaderboard and profiles for the top security researchers who contribute to making WordPress and the open-source web more secure. You […]
With another busy month behind us, let’s see what the Patchstack Alliance members dug up in September! Our researchers found 53 confirmed vulnerabilities. 9 of the vulnerabilities were found in plugins with 100,000+ installs across WordPress, including one with 2 million installs. Thought to be fair, that vulnerability in question was not particularly severe. A […]
It’s September, which means it’s time to look back at what our security researchers got up to in the last month of summer – and what a hot time it was! A very busy august The Patchstack Alliance reported 105 new validated vulnerabilities last month. This doesn’t mean that WordPress plugin developers have gotten lazy […]