Is there any bounty?
-
I’ve found an XSS and nobody’s fixed it with a plugin or code. Where can I get a little bit of <s>bitcoins</s> money?
-
What is the URL of the WordPress.COM hosted site you refer to starting with http://?
Please also expand on what you are asking because it is not clear to me.
What is clear to me is that Bitcoins are currently not accepted by WordPress.com. http://en.support.wordpress.com/bitcoin/
The only accepted means of payment for upgrades are found at
http://en.support.wordpress.com/payment/
The only form of advertising allowed is for blogs on their own domains that are accepted into the WordAds program.
https://en.support.wordpress.com/advertising/
-
If this site is at WordPress.COM — the vulnerability is at the .COM-zone, too. But I’ve noticed it at my site, which is run by the WordPress CMS.
I DON’T WANT TO BUY ANYTHING! I’VE FOUND A BUG!
It’s an XSS vulnerability. See how it works.
-
Sorry, it’s only in CMS. Just leave a comment with this text:
<img src="" onerror="javasript:alert('XSS vulnerability!');">
By using this vulnerability, a hacker can get access to your cookies and steal your information, and even change text on the site you are visiting.
-
@marperia for responsible disclosure of security issues in WordPress.com and to be eligible for our bug bounty program, please submit your report via the HackerOne portal.
For security issues in the open source WordPress.org software there are instructions on how to report here.
Note, in this case it looks like you are highlighting a feature of WordPress.org rather than a specific security issue. Some trusted users are allowed to post HTML that is completely unfiltered, you can read more about this here.
- The topic ‘Is there any bounty?’ is closed to new replies.
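
The distinction drawn in the last reply (unfiltered HTML for trusted users, filtering for everyone else) can be sketched as follows. This is an added example, not code from the thread or from WordPress: the allowlist, the `CommentFilter` class, and the `render_comment` helper with its `can_unfiltered_html` flag are assumptions made for illustration, and the filter is a simplified stand-in for WordPress's own HTML filtering.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlist (assumption): tag -> attributes that may be kept.
ALLOWED = {"a": {"href", "title"}, "img": {"src", "alt"},
           "b": set(), "em": set(), "p": set()}
VOID = {"img"}                       # tags with no closing tag
SAFE_URL_PREFIXES = ("http://", "https://", "/")

class CommentFilter(HTMLParser):
    """Rebuilds markup from allowlisted tags and attributes only."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return                   # unknown tag (script, iframe, ...) is dropped
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED[tag]:
                continue             # event handlers such as onerror end here
            if name in ("href", "src") and not value.lower().startswith(SAFE_URL_PREFIXES):
                continue             # empty, javascript: or data: URLs are dropped
            kept.append(f' {name}="{escape(value)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))  # text is re-escaped, never trusted as markup

def render_comment(text, can_unfiltered_html):
    """Hypothetical helper: trusted users' HTML is stored as typed, others' is filtered."""
    if can_unfiltered_html:
        return text
    f = CommentFilter()
    f.feed(text)
    f.close()
    return "".join(f.out)

# The comment text from the thread, used as sample input.
PAYLOAD = """<img src="" onerror="javasript:alert('XSS vulnerability!');">"""

if __name__ == "__main__":
    print(render_comment(PAYLOAD, can_unfiltered_html=True))   # unchanged
    print(render_comment(PAYLOAD, can_unfiltered_html=False))  # <img>
```

In WordPress the trusted case corresponds to the `unfiltered_html` capability, so testing a payload while logged in with such an account shows the unfiltered path, not what an ordinary commenter's input goes through.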