Welcome to PlugBounty

The open-source component bug hunting platform (beta)

PlugBounty is the first open-source component bug bounty platform. Earn money, compete with other hackers and make the web a safer place by finding security bugs among thousands of open-source components.

How does it work?

Our advantages

Automatic Component Listing

Thousands of Components

There are thousands of open-source components, such as WordPress plugins and PHP extensions (coming soon), that can be audited. Quickly find the most popular components with the widest attack surface, automatically listed by PlugBounty.

Components are automatically listed

All information in one place

Wide range of components

Researchers Leaderboard

Community of hackers

Receive a research score for every bug you find. Researchers are ranked by research score on monthly and weekly leaderboards.

Gain exposure as a security researcher

Create your portfolio of research

Give back to the security community

Earn from the findings

Monthly Prizes

Whether or not a vendor reacts to your findings, the PlugBounty team will review the report and you will get the research score. Every month, a fixed budget will be paid out to top researchers on the leaderboard.

Top 5 researchers will receive prizes every month

Vendors can pay a suggested tip based on the report

Last published reports

Reported on Plugbounty

  • Stored XSS in FV Flowplayer Video Player

    Stored Cross-site Scripting

    by WebARX

  • Reflected XSS in Blog2Social

    Reflected Cross-site Scripting

    by WebARX

  • Unauthorized Settings Update

    Insecure Direct Object Reference on a critical function

    by WebARX

For developers

Discover the bugs and vulnerabilities before the bad guys do

Protect your reputation and gain trust in the community

Involve top security researchers in your product development

Sign up as a developer

For hackers

There are a huge number of plugins and extensions listed

Code is mostly public, so it’s easier to find bugs and vulnerabilities

Monthly prizes by PlugBounty for top hackers

Sign up as a hacker

Copyright © 2022 PlugBounty.
All rights reserved.