Ian Dunn

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
https://github.com/iandunn?tab=repositories SOURCE_CODE critical
Any **source** repository on my Github account, **except** for the ones marked as **archived**, and the following additional exclusions: * `compassionate-comments`, because it's just a rough proof of concept. * `wordcamp-remote-css-test`, because it's only test data.
https://profiles.wordpress.org/iandunn#content-plugins SOURCE_CODE critical
Any plugin listed on my WordPress.org profile is within scope, **except** for these: * Email Post Changes and Jetpack should be submitted to [Automattic](https://hackerone.com/automattic) instead. * CampTix, CampTix Network Tools, P2 New Post Categories, Tagregator, and SupportFlow should be submitted to [WordPress](https://hackerone.com/wordpress) instead, because they're [Meta team](https://make.wordpress.org/meta/) projects. * Manage Tags Capabilities is not covered, since I don't have commit access to it.
iandunn.name URL none none none none
I'm mainly interested in high-severity vulnerabilities, like RCE, SQLi, and XSS. Low-severity reports like clickjacking, missing HTTP headers, will probably be closed as `Informative`.
https://github.com/iandunn?tab=repositories&type=source SOURCE_CODE critical
Any _**source**_ repository on my Github account, _**except**_ for the ones marked as **archived**. Forks are not in-scope, please report any issues with those upstream. Archived repos are not maintained.

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity