{"id":1270,"date":"2025-04-22T13:06:38","date_gmt":"2025-04-22T11:06:38","guid":{"rendered":"https:\/\/krakow.wordcamp.org\/2025\/?post_type=wcb_session&#038;p=1270"},"modified":"2025-06-30T18:15:10","modified_gmt":"2025-06-30T16:15:10","slug":"how-we-closed-almost-1000-plugins-in-a-month-a-story-of-the-biggest-wordpress-bug-bounty-hunt","status":"publish","type":"wcb_session","link":"https:\/\/krakow.wordcamp.org\/2025\/session\/how-we-closed-almost-1000-plugins-in-a-month-a-story-of-the-biggest-wordpress-bug-bounty-hunt\/","title":{"rendered":"How we closed almost 1000 plugins in a month &#8211; a story of the biggest WordPress bug bounty hunt"},"content":{"rendered":"\n<p>In October 2024, our usual bug bounty hunt resulted in receiving 1570 valid reports and closing almost 1000 plugins from the official WordPress repository. This huge number looks scary and seems once again to prove the fact that WordPress ecosystem security is poor.<\/p>\n\n\n\n<p>But is it?<\/p>\n\n\n\n<p>Let&#8217;s dive deeper into how it all happened, what were the consequences, and what we can learn from this.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In October 2024, our usual bug bounty hunt resulted in receiving 1570 valid reports and closing almost 1000 plugins from the official WordPress repository. This huge number looks scary and seems once again to prove the fact that WordPress ecosystem security is poor. But is it? Let&#8217;s dive deeper into how it all happened, what [&hellip;]<\/p>\n","protected":false},"author":13842562,"featured_media":0,"template":"","meta":{"jetpack_post_was_ever_published":false,"_wcpt_session_time":1751185800,"_wcpt_session_duration":1800,"_wcpt_session_type":"session","_wcpt_session_slides":"https:\/\/krakow.wordcamp.org\/2025\/files\/2025\/06\/10.30-Maciej-Palmowski.pdf","_wcpt_session_video":"","_wcpt_speaker_id":[1041],"footnotes":""},"session_track":[26],"session_category":[36],"class_list":["post-1270","wcb_session","type-wcb_session","status-publish","hentry","wcb_track-f-wordpress-dla-developerow","wcb_session_category-english"],"jetpack_sharing_enabled":true,"session_date_time":{"date":"niedziela, 29 czerwca 2025","time":"10:30"},"session_speakers":[{"id":"1041","slug":"maciek-palmowski","name":"Maciek Palmowski","link":"https:\/\/krakow.wordcamp.org\/2025\/speaker\/maciek-palmowski\/"}],"session_cats_rendered":"English","_links":{"self":[{"href":"https:\/\/krakow.wordcamp.org\/2025\/wp-json\/wp\/v2\/sessions\/1270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/krakow.wordcamp.org\/2025\/wp-json\/wp\/v2\/sessions"}],"about":[{"href":"https:\/\/krakow.wordcamp.org\/2025\/wp-json\/wp\/v2\/types\/wcb_session"}],"version-history":[{"count":2,"href":"https:\/\/krakow.wordcamp.org\/2025\/wp-json\/wp\/v2\/sessions\/1270\/revisions"}],"predecessor-version":[{"id":1854,"href":"https:\/\/krakow.wordcamp.org\/2025\/wp-json\/wp\/v2\/sessions\/1270\/revisions\/1854"}],"speakers":[{"embeddable":true,"href":"https:\/\/krakow.wordcamp.org\/2025\/wp-json\/wp\/v2\/speakers\/1041"}],"author":[{"embeddable":true,"href":"https:\/\/krakow.wordcamp.org\/2025\/wp-json\/wporg\/v1\/users\/palmiak"}],"wp:attachment":[{"href":"https:\/\/krakow.wordcamp.org\/2025\/wp-json\/wp\/v2\/media?parent=1270"}],"wp:term":[{"taxonomy":"wcb_track","embeddable":true,"href":"https:\/\/krakow.wordcamp.org\/2025\/wp-json\/wp\/v2\/session_track?post=1270"},{"taxonomy":"wcb_session_category","embeddable":true,"href":"https:\/\/krakow.wordcamp.org\/2025\/wp-json\/wp\/v2\/session_category?post=1270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}