The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database, after which, if there is a user named 'admin', the attacker is automatically logged in as an administrator.
#BUGBOUNTY

Top auditors compete to keep high severity bugs out of production. Start a public or private audit within 48 hours.

The CodeQL Bug Bounty program operated by the GitHub Security Lab aims at scaling the security research community’s work across open source projects. The All For One protects against future vulnerabilities by coding and eradicating a pattern, while the Bug Slayer fixes existing occurrences of this pattern. A bounty hunter can apply to both programs sequentially to maximize their positive impact on open source projects, and their gain.

The world's best dynamic repository for security vulnerabilities.

Bugcrowd teams with elite security researchers to reduce risk & improve security ROI through our bug bounty, pen testing, & vulnerability disclosure programs.

On Immunefi, hackers secure web3, save funds from theft, and get paid the world's largest bug bounties.

Awesome write-ups from the world’s best hackers in topics ranging from bug bounties, CTFs, Hack the box walkthroughs, hardware challenges, and real-life encounters.

Reduce the risk of a security incident by working with the world’s largest community of trusted ethical hackers. HackerOne offers bug bounty, VDP, security assessments, attack surface management, and pentest solutions.

Microsoft offers cash awards for finding and reporting certain types of vulnerabilities and exploitation techniques.

The world’s first bug bounty platform for AI/ML. huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications, including those powered by Open Source Software (OSS).

Welcome to Google's Bug Hunting community, learn more about hunting & reporting bugs you’ve found in Google products.

Expert Bug Bounty Platform for Crypto Projects.

Bug bounty and agile penetration testing solutions powered by Europe's leading network of ethical hackers.

Compete against the world's top crypto security experts and make a name for yourself.

Lock onto your next target, bounty hunter! Browse through the latest hacktivity to keep your bug hunting ongoing and find the contact information to report your findings to them. You can even save your targets for later.

Explore YesWeHack, leading global Bug Bounty & Vulnerability Management Platform. Connect with tens of thousands of ethical hackers worldwide to uncover vulnerabilities in your websites, mobile apps, and digital infrastructure, bolstering your cyber defense strategy.