VMP™ Security Vulnerability Submission

Help us keep the WordPress ecosystem secure

Important: Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions. Please review the documentation on how to access and review the VMP™ Security Vulnerability Database before submitting your vulnerability.

Coming Soon

Our vulnerability submission system is currently under development. Check back soon!

VMP™ Security Vulnerability Submission Form

Thank you for choosing to submit a vulnerability to the VMP™ Security Intelligence Vulnerability Database! VMP™ Security is a Certified Numbering Authority (CNA), which grants us the ability to assign CVE IDs to WordPress plugin, theme, and core vulnerabilities. To request a CVE ID, please review the submission guidelines below. You must have permission to report the software to VMP™ Security. Our team thoroughly researches and documents vulnerabilities to help improve security across the WordPress ecosystem.

This form is for submitting new vulnerability reports. All submissions are reviewed by our security team. If you would like your vulnerability report to be identified with your researcher profile, please sign in or complete your registration process. If you prefer to remain anonymous, you may submit without signing in.

CONTACT DETAILS

Name*

Email Address*

SOFTWARE DETAILS

Type of Software *

WordPress Core

WordPress Plugin

WordPress Theme

VULNERABILITY DETAILS

Description of Vulnerability * Describe the vulnerability in detail. Include steps to reproduce, affected versions, and potential impact.

Common Weakness (CWE) Type *

Authentication Level Required *

References for Affected Code Optionally add code references (e.g., affected file and line number)

References Provide any supporting URLs where applicable

Contributing Researchers Add a researcher to this vulnerability report

PROOF OF CONCEPT

What is your PoC? *

OTHER DETAILS

Have you registered a CVE from another CNA for this vulnerability? *

Have you reported this to a security vendor? *

I have read and agree to the VMP™ Security Bug Bounty Program Submission Release, VMP™ Security Bug Bounty Program Terms and Conditions, VMP™ Security Terms of Service and acknowledge the VMP™ Security Privacy Policy and Terms of Reference *

LEARN MORE

Did you know VMP™ Security Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database about submitting and managing vulnerability reports in the database? Learn more!

GET NOTIFIED

Want to get notified of the latest vulnerabilities that may affect your WordPress sites? Install VMP™ Security on your site! Soon you will be notified immediately once a vulnerability that may affect your site has been added to our database.

DOCUMENTATION

The VMP™ Security Intelligence WordPress vulnerability database is completely free. Access our comprehensive API documentation to learn how to query and integrate vulnerability data from our database.

Vulnerability Database

Bug Bounty Program

Vulnerability Management

Documentation

Overview