Bug Bounties

MainWP

Powered by: 

Allows bounty splitting: 

Average time to first program response: 

Average time to bounty awarded null: 956

Average time to report resolved: 

Handle: mainwp

Managed program: false

Name: MainWP

Offers bounties: true

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/mainwp

Website: https://mainwp.com

In scope:

  • Asset identifier: https://github.com/mainwp/mainwp
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: We are specifically looking for security violations that would enable access to the user's “Network” by a third party when a connection between the MainWP Dashboard and MainWP Child Plugin has already been established. This includes but is not limited to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF), Broken Authentication, Remote Code Execution, SQL injection, and Privilege Escalation. We are generally not interested in DoS vulnerabilities that are perceived by a lack of rate-limiting or captcha.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: https://github.com/mainwp/mainwp-child
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: We are specifically looking for security violations that would enable access to the user's “Network” by a third party when a connection between the MainWP Dashboard and MainWP Child Plugin has already been established. This includes but is not limited to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF), Broken Authentication, Remote Code Execution, SQL injection, and Privilege Escalation. We are generally not interested in DoS vulnerabilities that are perceived by a lack of rate-limiting or captcha.
  • Integrity requirements: 
  • Max severity: critical