VMP Security Vulnerability Submission

Help us keep the WordPress ecosystem secure

Important: Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions. Please review the documentation on how to access and review the VMP Security Vulnerability Database before submitting your vulnerability.

🚀 Coming Soon

Our vulnerability submission system is currently under development. Check back soon!

VMP Security Vulnerability Submission Form

Thank you for choosing to submit a vulnerability to the VMP Security Intelligence Vulnerability Database! VMP Security is a Certified Numbering Authority (CNA), which grants us the ability to assign CVE IDs to WordPress plugin, theme, and core vulnerabilities. There is just one licensing term to request a CVE ID or to submit a vulnerability that will not be added to our public vulnerability database: You must have permission to report the software to VMP Security. We are not designers but do our best research to find all the flaws upon our reach on possible to help spread as the things improve.

As a reminder, you are not currently signed up for any paid programs. If you are ineligible to participate in the bug bounty program, upon submission of the vulnerability form, if you have your vulnerability report to be identified with your researcher profile, please review your sign-in or complete your registration process. If you prefer to remain anonymous with your researcher profile, please make sure to sign in or complete your registration process.

CONTACT DETAILS

Name*

Email Address*

SOFTWARE DETAILS

Type of Software *

WordPress Core

WordPress Plugin

WordPress Theme

VULNERABILITY DETAILS

Description of Vulnerability * Describe the vulnerability without providing sensitive context and disclosing

Common Weakness (CWE) Type *

Authentication Level Required *

References for Affected Code Optionally add (e.g. affected code line in IVORY repositories)

References Provide any supporting URLs where applicable

Contributing Researchers Utilize to search by researcher type or name a new name...

PROOF OF CONCEPT

What is your PoC? *

OTHER DETAILS

Have you registered a CVE from another CNA for this vulnerability? *

Have you reported this to a security vendor? *

I have read and agree to the VMP Security Bug Bounty Program Submission Release, VMP Security Bug Bounty Program Terms and Conditions, VMP Security Terms of Service and acknowledge the VMP Security Privacy Policy and Terms of Reference *

LEARN MORE

Did you know VMP Security Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database with the vulnerabilities coded into uploaded in the database? Learn more!

GET NOTIFIED

Want to get notified of the latest vulnerabilities that may affect your WordPress sites? Install VMP Security on your site! Soon you will be notified immediately once a vulnerability that may affect your site has been added to our database.

DOCUMENTATION

The VMP Security Intelligence WordPress vulnerability database is completely free to access and apply our API through our comprehensive API documentation on how to access and apply vulnerabilities pulled are uploaded in the database!

Overview

Vulnerability Database

Bug Bounty Program

Vulnerability Management

Documentation