Did you discover a security vulnerability in the Pinegrow plugin? We would love to hear about it. Read this guide on responsible disclosure and bounty rewards.
At Pinegrow, we take security seriously and strive to ensure that our WordPress plugin is secure and free from vulnerabilities. In an effort to further strengthen our security measures, we are implementing a security bug bounty program.
If you believe you have discovered a security vulnerability in the Pinegrow WordPress plugin, we encourage you to disclose it to us in a responsible manner. In return for your help, we will offer a bounty as a token of our appreciation.
To be eligible for a bounty, the security vulnerability must:
- Be a previously unknown issue that poses a significant risk to the security and integrity of our WordPress plugin.
- Be disclosed to us in a responsible manner, allowing us reasonable time to address the issue before it is made public.
Bounty amounts will be determined on a case-by-case basis, taking into account the severity of the vulnerability and the quality of the report. At this time, the maximum amount offered is 1000 USD.
- We are not interested in vulnerabilities that allow users to circumvent the licensing checks in the plugin in order to use the PRO edition of the plugin without paying for it.
- We also exclude use cases where Pinegrow is used in a way that is against the guidelines for responsible and safe use (for example, giving untrusted users access to Pinegrow or importing and opening compromised projects).
- Our desktop products (Pinegrow Web Editor, Theme Converter, …) are not included.
To submit a potential security vulnerability for consideration, please email firstname.lastname@example.org with a detailed description of the issue, steps to reproduce the vulnerability, and any relevant information that may assist us in addressing the issue.
Thank you for helping us keep the Pinegrow plugin secure.