Instruction: **The Blog Network**
*Note: Blogs are cached for 1 minute after first request (60s from first request); content is re-loaded into cache when a new request is submitted after the 61st second.*
How to identify you are looking at the Blog Network:
* Header: `X-tumblr-user` can be used to identify if the domain is a blog on the Blog Network
* View the domain in a browser; a Tumblr banner will be visible.
Exclusions for this asset:
* JavaScript is allowed; XSS is excluded from eligibility.
* Pages can be framed; Clickjacking or other X-Frame-Options attacks are excluded from eligibility.
Integrity requirements: high
Max severity: critical
Asset identifier: Crowdsignal
Asset type: OTHER
Availability requirement: medium
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Any issues on https://crowdsignal.com/ and/or Crowdsignal WordPress plugins
Integrity requirements: medium
Max severity: critical
Asset identifier: Jetpack
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Any issues related to the Jetpack plugin https://github.com/Automattic/jetpack and/or https://jetpack.com/
Integrity requirements:
Max severity: critical
Asset identifier: WooCommerce
Asset type: OTHER
Availability requirement:
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: Any security issues on the WordPress WooCommerce plugin (https://wordpress.org/plugins/woocommerce/) and/or https://woocommerce.com/
Integrity requirements:
Max severity: critical
Asset identifier: WordPress Plugins & Themes
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Any security issue found on any WordPress plugin or theme that's **maintained/created by Automattic**.
This includes but is not limited to:
- WP-Supercache (https://wordpress.org/plugins/wp-super-cache/)
- WP-Job-Manager (https://github.com/Automattic/WP-Job-Manager)
- Sensei LMS (https://github.com/Automattic/sensei)
See https://profiles.wordpress.org/automattic/ for more details
Integrity requirements: medium
Max severity: critical
Asset identifier: WordPress.com VIP
Asset type: OTHER
Availability requirement: medium
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: Any issue in the WordPress.com VIP infrastructure, WordPress plugins, or client sites.
Integrity requirements: medium
Max severity: critical
Asset identifier: akismet.com
Asset type: URL
Availability requirement:
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Any issues on https://akismet.com/, or the Akismet WordPress plugin.
Integrity requirements:
Max severity: critical
Asset identifier: api.tumblr.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: assets.tumblr.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: com.tumblr
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement: low
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: - Minimum OS version: API 21
Exclusions:
- API keys in code
- Certificate pinning
Integrity requirements: low
Max severity: high
Asset identifier: com.tumblr.tumblr
Asset type: APPLE_STORE_APP_ID
Availability requirement: low
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: - Minimum OS version: iOS 11
Exclusions:
- API keys in code
- Certificate pinning
Integrity requirements: low
Max severity: high
Asset identifier: embed.tumblr.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: happy.tools
Asset type: URL
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: low
Max severity: medium
Asset identifier: intensedebate.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: low
Max severity: medium
Asset identifier: mailpoet.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Any issue in https://www.mailpoet.com/, or the MailPoet WordPress plugin.