WPLP Compliance Platform Bug Bounty Program

Help Us Build a Safer Platform Join our Bug Bounty Program and earn rewards for reporting important vulnerabilities that make a difference.

What’s Covered in Our Bug Bounty Program

Explore the assets open for testing and the boundaries of our program to ensure effective participation.

In-scope assets:

• WPLP Compliance Platform Website (https://wplegalpages.com/): This includes any publicly accessible areas, forms, or interactions on our platform.
• WP Legal Pages Plugin (https://wordpress.org/plugins/wplegalpages/): Focus on functionality, user data security, and potential misuse vulnerabilities.
• WP Cookie Consent Plugin (https://wordpress.org/plugins/gdpr-cookie-consent/): Test for GDPR compliance, cookie consent mechanisms, and user interface security.

Out-of-scope assets:

• Third-party libraries and services: Issues within components not developed by our team.
• Denial of Service (DoS) vulnerabilities: Testing that disrupts operations or availability.
• Social engineering attacks or phishing: Simulated or real attempts to manipulate users or staff.

Reports based solely on automated tools, scanners, or theoretical attack descriptions without demonstrable proof of exploitability will not be accepted.

Rewards for Your Contributions

Celebrate your contributions to enhancing our security while earning rewards!

• Receive a reward for each valid vulnerability you discover within the program’s scope.
• Payouts will be processed once your cumulative rewards reach the minimum threshold, ensuring you get compensated for your efforts.

How to Report a Bug

A streamlined process to submit vulnerabilities and receive prompt evaluations.

• Identify vulnerabilities: Focus on assets within the defined scope of our program.
• Submit your report:
  • Email findings to [email protected] with the subject line: “Bug Bounty Report.”
  • Include these details:
    • Steps to reproduce the issue: Clear and reproducible instructions.
    • Description: Detailed technical or layman-friendly overview of the vulnerability.
    • Impact analysis: Potential risks, including privacy, financial, or reputational damage.
    • Resolution suggestions: Practical steps or changes to fix the issue.
• Acknowledgment and response:
  • Receipt of your report will be acknowledged within 48 hours.
  • Evaluations and updates will be provided within 7-10 business days.
• Reward processing: Valid reports are eligible for payouts once the minimum reward threshold is met.

Guidelines for Responsible Testing

Participate ethically to maintain integrity and trust in the program.

• Perform testing responsibly without causing disruptions to our services or users.
• Do not exploit discovered vulnerabilities in any manner.
• Avoid public disclosures of issues before resolution by our team.
• Ensure compliance with all legal regulations and ethical testing practices.

Ensuring Your Protection

Submit reports in good faith without fear of legal action.

• Good-faith researchers acting ethically are protected from legal actions.
• Ensure adherence to program guidelines to qualify for this protection.
• Your contributions will be valued and respected throughout the process.

Join Our Mission for Security

Your skills can make a significant impact on improving user safety.

• Become a valued member of our Bug Bounty Program and make the web safer.
• For queries or to start reporting, reach out to us at [email protected].
• Start contributing today and help us maintain a secure and trustworthy platform.