Zero Spam

Developer: Ben Marshall
Latest version: 5.5.9
Installations: 30,000
Last updated: No date

WordPress Plugin
Active VDP

Vulnerability disclosure policy

This is the official vulnerability disclosure program for Zero Spam. If you're a security researcher and believe that you have found a security vulnerability within our software, please send us details through the "report" form on this page. Please include as much detail as possible, so we can verify the issue and get back to you as soon as possible with either additional questions or a potential fix. All valid security vulnerabilities will receive a CVE and may also earn you rewards from the Patchstack Alliance bug bounty program.

Patchstack Zeroday payouts

Patchstacc pays a fixed bounty for high value vulnerabilities.

$600 Unauthenticated access leading to a full site compromise
$300 Subscriber or Customer level access leading to a full site compromise

Report for monthly rewards

Members of the Bug Bounty program receive XP for their reports and are eligible for monthly cash rewards.

$2,000 Top ranking contributor
$1,400 Contributor ranking 2nd
$800 Contributor ranking 3rd
$600 Contributor ranking 4th
$500 Contributor ranking 5th
$400 Contributor ranking 6th to 10th
$200 Contributor ranking 11th to 15th
$100 Contributor ranking 16th to 19th
$50 Contributor ranking 20th
$50 Random pick
$50 Random pick outside TOP20

No active bounties by the developer

Eligibility and responsibility

We would like to thank everyone who submits valid reports that help us improve the security of Zero Spam. However, only those that meet the following eligibility requirements may receive a monetary reward for vulnerabilities found in the Zero Spam source code.

You must be the first reporter of a vulnerability.
The vulnerability must be a qualifying vulnerability (see below).
Any vulnerability found must be reported no later than 24 hours after discovery and exclusively through patchstack.com.
You must avoid tests that could cause degradation or interruption of our service (refrain from using automated tools, and limit your requests per second). If you overdo it, your IP address might be throttled or even (temporarily) blocked to protect our infrastructure.
Reports on vulnerabilities are examined by our security analysts. Our analysis is always based on worst-case exploitation and the business criticality of the vulnerability, as is the reward we pay.

Qualifying vulnerabilities

SQL Injection
Cross Site Scripting (XSS)
Remote/Local File Inclusion
Cross-Site Request Forgery (CSRF)
Open Redirection
Bypass Vulnerability
Broken Access Control
Privilege Escalation
Arbitrary File Read/Download/Upload/Deletion
Sensitive Data Exposure
Arbitrary/Remote Code Execution
Server Side Request Forgery (SSRF)
Denial of Service
PHP Object Injection
Deserialization of untrusted data
Insecure Direct Object References (IDOR)
CSV Injection
Broken Authentication
Path Traversal
Race Condition

Non-qualifying vulnerabilities

Cross-Site Request Forgery (CSRF) on read-only actions
Pre-requisite of another vulnerability
Pre-requisite of specific or unusual conditions
Vulnerabilities that require exotic server configurations or outdated server software
Missing encryption/hashing on potentially sensitive information
Spoofing of data (User Agent, IP address, etc.) with no serious security impact