Maintainers of certain components within the WordPress project, or of plugins that are officially maintained by WordPress.org, can be given access to the corresponding HackerOne inbox in order to triage and resolve reports of security vulnerabilities in those components.
Accessing the inbox
If you’ve been in contact with a WordPress security team member who has invited you to an inbox in the HackerOne program, follow these steps to get access:
- Accept the invitation sent to your email address. You cannot access the inbox without first accepting the invitation.
- Log in to HackerOne at https://hackerone.com/bugs
- In your user profile menu at the top right of the screen, click “Switch to organisation view” if that’s not already your default view:

- Click the “Inbox” menu item on the left and then select your inbox from the program dropdown menu:

From here you’ll have full access to the reports in your respective component or plugin. The security team member who invited you will provide you with full information about safely dealing with vulnerability reports.
Enabling email notifications for new reports
By default, notifications may not be enabled for new vulnerability reports in your inbox. Follow these steps to enable them:
- In your user profile menu at the top right of the screen, click “User settings”:

- From here, click through to the Notifications settings screen.
- Switch to the “Custom inboxes” tab. From here you can enable notifications and control exactly what events you receive notifications for:
