Wordfence Bug Bounty Program Monthly Report – March 2026

In March 2026, the Wordfence Bug Bounty Program received 1718 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat...

Wordfence Bug Bounty Program Monthly Report – October 2025

Last month in October 2025, the Wordfence Bug Bounty Program received 486 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfenc...

Zomato: Availing Zomato gold by using a random third-party `wallet_id`

We received a report from @pandaaaa wherein he demonstrated a way to avail Zomato Gold membership using random Zomato User's wallet. The report was triaged and rewarded with critical severity with a CVSS score of 9.3. It was considered critical since a random user's wallet could have been used fo...

Mail.ru: Xss Reflected On spgw.terrhq.ru [ url ]

Researcher found Reflected XSS and Blind SSRF via the same GET parameter. Bounty was awarded for SSRF. Reflected Xss And Non-Blind Ssrf Via The same GET Parameter...

ravenshoesecurity.com XSS vulnerability

Vulnerable URL: https://www.ravenshoesecurity.com/purchase.php?action=purstname=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 11:14 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...

Palestinian hacker, who hacked Zuckerberg's Facebook account to be rewarded with $12,000

The Palestinian hacker 'Khalil Shreateh', who broke into the Mark Zuckerberg's Facebook Timeline to expose a security lapse will be awarded nearly $12,000 but not from Facebook, it will come from an online crowdsourced campaign. The hacker initially used Facebook's whitehat disclosure program, a...