WordPress is an open-source publishing platform. The WordPress Security Team believes in Responsible Disclosure by alerting the security team immediately and privately of any potential vulnerabilities.
Our HackerOne program covers the Core software, as well as a variety of related projects and infrastructure.
Full details of the WordPress Security Policy and the list of covered projects and infrastructure can be found on HackerOne. You can also read more in a detailed white paper about WordPress Security.
| Version | Supported |
|---|---|
| 6.5.x | Yes |
| 6.4.x | Yes |
| 6.3.x | Yes |
| 6.2.x | Yes |
| 6.1.x | Yes |
| 6.0.x | Yes |
| 5.9.x | Yes |
| 5.8.x | Yes |
| 5.7.x | Yes |
| 5.6.x | Yes |
| 5.5.x | Yes |
| 5.4.x | Yes |
| 5.3.x | Yes |
| 5.2.x | Yes |
| 5.1.x | Yes |
| 5.0.x | Yes |
| 4.9.x | Yes |
| 4.8.x | Yes |
| 4.7.x | Yes |
| 4.6.x | Yes |
| 4.5.x | Yes |
| 4.4.x | Yes |
| 4.3.x | Yes |
| 4.2.x | Yes |
| 4.1.x | Yes |
| < 4.1.0 | No |
Security issues must be submitted via HackerOne and it is recommended you read the full policy document before submitting your report.