MainWP HackerOne
Target Policy
https://hackerone.com/mainwp?type=teamStructured Scope
-
Asset Identifier
Asset Type
Max Severity
-
https://github.com/mainwp/mainwp
We are specifically looking for security violations that would enable access to the users “Network” by a third party when a connection between the MainWP Dashboard and MainWP Child Plugin has already been established. This includes but is not limited to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF), Broken Authentication, Remote Code Execution SQL injection, and Privilege Escalation.
We are generally not interested in DoS vulnerabilities that are perceived by a lack of rate-limiting or captcha.
SOURCE_CODEcritical -
https://github.com/mainwp/mainwp-child
We are specifically looking for security violations that would enable access to the users “Network” by a third party when a connection between the MainWP Dashboard and MainWP Child Plugin has already been established. This includes but is not limited to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF), Broken Authentication, Remote Code Execution SQL injection, and Privilege Escalation.
We are generally not interested in DoS vulnerabilities that are perceived by a lack of rate-limiting or captcha.
SOURCE_CODEcritical
Tech Stack
Last Finished Scan:
- Fleet: allkxss
- Duration: 39 Seconds
- Finished: 1 year, 2 months ago