WP API

Access your WordPress site’s data through an easy-to-use HTTP REST API.

WP API is responsible for WordPress site data from posts to users, including private data. While we've taken every effort to consider security and privacy concerns while building the API, all software has bugs. If you believe you've found a security issue in the API, we want to work with you to ensure the issue is fixed and distributed to users as quickly as possible.

Scope

The scope of this project is limited to the latest version of any of the following projects running on WordPress 3.9 or newer:

You should install a copy of the project and WordPress on your own server. Do not test on servers you do not own.

While we take compatibility with other plugins seriously, it is at our discretion whether we accept issues caused by interactions with other plugins. If we decide to accept these issues, we will also attempt to work with the other plugin developers to resolve the issue.

Severe issues include (but are not limited to) remote code execution exploits, SQL injection, and privilege escalation. Severity will be assessed at the team's discretion.

Response

We will attempt to respond to reports within a week at the latest, typically within 48 hours. (Keep in mind that we are distributed across time zones, and this may cause a delay if we need to discuss internally.) Severe issues will be handled as soon as possible, while all other issues will be handled as part of our normal bug triaging process.

  • Minimum bounty: $50
  • Hackers thanked: 2
  • Reports closed: 2