Reports in the WordPress program:

| S.No | Title | Bounty |
|---|---|---|
| 1 | Administrator(s) Information disclosure via JSON on wordpress.org | $0.0 |
| 2 | Lack of Password Confirmation when Changing Password and Email | $0.0 |
| 3 | XSS in the search bar of mercantile.wordpress.org | $0.0 |
| 4 | CSRF to add admin [wordpress] | $0.0 |
| 5 | Infrastructure - Photon - SSRF | $0.0 |
| 6 | Wordpress 4.7.2 - Two XSS in Media Upload when file too large. | $0.0 |
| 7 | Stored self-XSS in mercantile.wordpress.org checkout | $0.0 |
| 8 | Reflected XSS at https://da.wordpress.org/themes/?s= via "s=" parameter | $0.0 |
| 9 | Stored but [SELF] XSS in mercantile.wordpress.org | $0.0 |
| 10 | DOM Based XSS In mercantile.wordpress.org | $0.0 |
| 11 | [Buddypress] Arbitrary File Deletion through bp_avatar_set | $0.0 |
| 12 | Wordpress 4.8.1 - Rogue editor leads to RCE. And the risks of same origin frame scripting in general | $0.0 |
| 13 | Clickjacking irclogs.wordpress.org | $0.0 |
| 14 | [mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection | $0.0 |
| 15 | Clickjacking wordcamp.org | $0.0 |
| 16 | Clickjacking mercantile.wordpress.org | $0.0 |
| 17 | Clickjacking - https://mercantile.wordpress.org/ | $0.0 |
| 18 | Missing SSL can leak job token | $0.0 |
| 19 | Self-XSS in WordPress Editor Link Modal | $0.0 |
| 20 | Unauthenticated hidden groups disclosure via Ajax groups search | $0.0 |
| 21 | Buddypress 2.9.1 - Exceeding the maximum upload size - XSS leading to potential RCE. | $0.0 |
| 22 | [BuddyPress 2.9.1] Open Redirect via "wp_http_referer" parameter on "bp-profile-edit" endpoint | $0.0 |
| 23 | WordPress DB Class, bad implementation of prepare method guides to sqli and information disclosure | $0.0 |
| 24 | WordPress core - Denial of Service via Cross Site Request Forgery | $0.0 |
| 25 | Authenticated Cross-site Scripting in Template Name | $0.0 |
| 26 | Wordpress 4.7 - CSRF -> HTTP SSRF any private ip:port and basic-auth | $0.0 |
| 27 | Content Spoofing @ https://irclogs.wordpress.org/ | $0.0 |
| 28 | Stored xss via template injection | $0.0 |
| 29 | Lack of Sanitization and Insufficient Authentication | $0.0 |
| 30 | [support.wordcamp.org] - publicly accessible .svn repository | $0.0 |
| 31 | Stored XSS in WordPress | $0.0 |
| 32 | UnResolved ChangeSet are Visible to Public That also Causes Information Disclosure | $0.0 |
| 33 | MediaElements XSS | $0.0 |
| 34 | Open Redirect on the nl.wordpress.net | $0.0 |
| 35 | code.wordpress.net subdomain Takeover | $0.0 |
| 36 | Open API For Username enumeration | $0.0 |
| 37 | XSS on support.wordcamp.org in ajax-quote.php | $0.0 |
| 38 | xss - reflected | $0.0 |
| 39 | Information / sensitive data disclosure on some endpoints | $0.0 |
| 40 | Clickjacking In jobs.wordpress.net | $0.0 |
| 41 | Arbitrary file deletion in wp-core - guides towards RCE and information disclosure | $0.0 |
| 42 | [mercantile.wordpress.org] Reflected XSS | $0.0 |
| 43 | Account takeover vulnerability by editor role privileged users/attackers via clickjacking | $0.0 |
| 44 | Reflected Swf XSS In (plugins.svn.wordpress.org) | $0.0 |
| 45 | Multiple stored XSS in WordPress | $0.0 |
| 46 | Logic flaw in the Post creation process allows creating posts with arbitrary types without needing the corresponding nonce | $0.0 |
| 47 | Stored XSS in Private Message component (BuddyPress) | $0.0 |
| 48 | Missing Authorization on Private Message replies (BuddyPress) | $0.0 |
| 49 | CSRF to HTML Injection in Comments | $0.0 |
| 50 | WordPress Automatic Update Protocol Does Not Authenticate Updates Provided by the Server | $0.0 |
| 51 | Stored XSS Vulnerability | $0.0 |
| 52 | Stored XSS on BuddyPress Plug-in via groups name | $0.0 |
| 53 | Add users to groups who have restricted group invites | $0.0 |
| 54 | Reflected XSS on https://make.wordpress.org via 'channel' parameter | $0.0 |
| 55 | Reflected XSS: Taxonomy Converter via tax parameter | $0.0 |
| 56 | Parameter tampering: Price Manipulation of Products | $0.0 |
| 57 | antispambot does not always escape <, >, &, " and ' | $0.0 |
| 58 | [FG-VD-18-165] Wordpress Cross-Site Scripting Vulnerability Notification II | $0.0 |
| 59 | plugins.trac.wordpress.org likely vulnerable to Cross Site Tracing (xst), TRACE HTTP method should be disabled | $0.0 |
| 60 | "Bad Protocols Validation" Bypass in "wp_kses_bad_protocol_once" using HTML-encoding without trailing semicolons | $0.0 |
| 61 | Stored XSS on Wordpress 5.3 via Title Post | $0.0 |
| 62 | Potential unprivileged Stored XSS through wp_targeted_link_rel | $0.0 |
| 63 | Wordpress unzip_file path traversal | $0.0 |
| 64 | Privilege Escalation in BuddyPress core allows Moderate to Administrator | $0.0 |
| 65 | CSRF in Profile Fields allows deleting any field in BuddyPress | $0.0 |
| 66 | Allow authenticated users can edit, trash, and add new in BuddyPress Emails function | $0.0 |
| 67 | Improper Access Control in Buddypress core allows reply, delete any user's activity | $0.0 |
| 68 | RCE as Admin defeats WordPress hardening and file permissions | $0.0 |
| 69 | Authenticated Stored Cross-site Scripting in bbPress | $0.0 |
| 70 | CSRF on comment post | $0.0 |
| 71 | Clickjacking on donation page | $0.0 |
| 72 | pre-auth Stored XSS in comments via javascript: url when administrator edits user supplied comment | $0.0 |
| 73 | Stored XSS in Post Preview as Contributor | $0.0 |
| 74 | Stored XSS on Broken Themes via filename | $0.0 |
| 75 | XSS via unicode characters in upload filename | $0.0 |
| 76 | Arbitrary change of blog's background image via CSRF | $0.0 |
| 77 | Privilege Escalation via REST API to Administrator leads to RCE | $0.0 |
| 78 | Authenticated XXE | $0.0 |
| 79 | PII of users can be downloaded from export pages | $0.0 |
| 80 | wp-embed XSS on Safari | $0.0 |
| 81 | Previously created sessions continue being valid after 2FA activation | $0.0 |