Reporting security issues
WooCommerce cares deeply about security and works hard to keep our merchants and their customers safe.
You can find our security policy over here and, if you believe you have discovered a vulnerability, we encourage you to follow it and submit your findings via HackerOne-a trusted third party service that facilitates reporting of security issues. Please refer to the policy for more details, however some key points are as follows:
- We operate a bug bounty program, so you can be rewarded for valid reports, but not everything is in scope. Please check the guidance before posting.
- We strongly encourage responsible disclosure. To better protect everyone, please use HackerOne and do not post your findings in a public forum.
Thank you for being a responsible reporter!
Last updated: January 18, 2024