WordPress 6.6 will be the next major releaseMajor Release A set of releases or versions having the same major version number may be collectively referred to as “X.Y” -- for example version 5.2.x to refer to versions 5.2, 5.2.1, and all other versions in the 5.2. (five dot two dot) branch of that software. Major Releases often are the introduction of new major features and functionality..

With its BetaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. 1 set to be released on June 4th, 2024, it is about time we start inviting security researchers to look into new bugs!

Any security issue that is found after the release of WordPress 6.6 Beta 1 and before the final RCRelease Candidate A beta version of software with the potential to be a final product, which is ready to release unless significant bugs emerge. is out, will be eligible for double the bounties. The security issue should be in the new code that is introduced in 6.6.

Full schedule of WordPress 6.6 Beta/RC releases is here. If you believe you have found a valid bug, please reach out to us via HackerOne. Please go through the program policy before submitting a report.

It’s start of a new year, and WordPress 6.5 is almost ready – the first major releaseMajor Release A set of releases or versions having the same major version number may be collectively referred to as “X.Y” -- for example version 5.2.x to refer to versions 5.2, 5.2.1, and all other versions in the 5.2. (five dot two dot) branch of that software. Major Releases often are the introduction of new major features and functionality. of 2024!

The BetaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. 1 is set to be launched tomorrow, February 13, 2024. Like previous major releases, we’re inviting security researchers to try and find security issues between Beta 1 and the final release candidateRelease Candidate A beta version of software with the potential to be a final product, which is ready to release unless significant bugs emerge. that target the new code. Valid submissions will be eligible for double the bounties.

Several new features and improvements are planned for WordPress 6.5. As an example, here’s a summary of the improvements we’re going to see in the Editor, where one likely spends most of their time.

Full release schedule is here.

How to report security issues?
WordPress security team accepts security issues through our HackerOne program. The general eligibility criteria for reports is mentioned in the program policy and must be followed.

As a reminder, reports that highlight issues in the new code will be eligible for double bounties.

Think you found a security bug in WordPress 6.4 BetaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process.?

The WordPress Security Team wants to find potential security issues before they land in the final WordPress release. Like last time, we’d love to see researchers focusing more of their attention on new code being introduced in beta releases, so we’re offering to double the bounty for any new vulnerability in CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. that is reported after Beta 1 and before the final release candidateRelease Candidate A beta version of software with the potential to be a final product, which is ready to release unless significant bugs emerge. (RCRelease Candidate A beta version of software with the potential to be a final product, which is ready to release unless significant bugs emerge.).

For example, a bug that would normally be awarded $600 would be doubled to $1200 if reported in the new code between Beta 1 and the final RC.

Release schedule for WordPress 6.4 Beta/RC releases can be found here (Beta 1 is scheduled for today). There’s usually about a month between the first beta and the last release candidate (RC).

How can I report security issues?

WordPress security team accepts security issues through our HackerOne program. The general eligibility criteria for reports is mentioned in the program policy and must be followed.

Do existing vulnerabilities qualify if I report them during the beta period?

No, the intent of the bonus is to catch security bugs before they make it into a final release, so only vulnerabilities in new code qualify.

WordPress 5.8 BetaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. 1 was released last week. It’s the upcoming major update and we’d love our security researcher friends to take a look at it, see if you can find any vulnerabilities in the new code.

WordPress 5.8 will contain new features and optimizations. For example, the new blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. based Widgets Editor; it’s an upgrade to the widgetWidget A WordPress Widget is a small block that performs a specific function. You can add these widgets in sidebars also known as widget-ready areas on your web page. WordPress widgets were originally created to provide a simple and easy-to-use way of giving design and structure control of the WordPress theme to the user. areas provided by WordPress through themes and a complete replacement for the widgets admin screen.

As a reminder, we double the bounty for all our covered software, provided you’re able to find issues in new code before the final release candidateRelease Candidate A beta version of software with the potential to be a final product, which is ready to release unless significant bugs emerge. (RCRelease Candidate A beta version of software with the potential to be a final product, which is ready to release unless significant bugs emerge.) is out. For example, a $600 bounty would be doubled to $1200, flat.

Things normally start from beta1 – that’s currently the case for WordPress 5.8 Beta 1.

You can take a look at the release schedule for 5.8 beta/RC releases here.

Potential issues can be submitted here.

Happy bug hunting!