Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

wpengine/wpengine

IntigritiView on Intigriti

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (15)

Asset	Category	Bounty	Quick Links
*. advancedcustomfields.com	WILDCARD	No	-
*. bettersearchreplace.com	WILDCARD	No	-
*.deliciousbrains.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
*.studiopress.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
*.wpengine.io	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
*.wpesvc.net	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
NitroPack Plugins	OTHER	No	-
WP Engine-developed WordPress Plugins and Themes	OTHER	No	-
app.getflywheel.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
getflywheel.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://nitropack.io	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
my.wpengine.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
spressforumstg.wpengine.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
studiopress.blog	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
wpengine.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa

Out-of-Scope Assets (2)

Asset	Category	Bounty
https://getflywheel.com/schedule-a-demo/	URL	No
https://wpengine.com/contact/	URL	No

Scope Changes (51)

Feb 25, 2026

Change	Asset	Category	Scope	Time
Added	*. bettersearchreplace.com	WILDCARD	In Scope	19:08
Added	studiopress.blog	URL	In Scope	19:08
Added	https://wpengine.com/contact	URL	Out of Scope	19:08
Added	*. advancedcustomfields.com	WILDCARD	In Scope	19:08
Added	getflywheel.com	URL	In Scope	19:08
Added	my.wpengine.com	URL	In Scope	19:08
Added	wpengine.com	URL	In Scope	19:08
Added	*.wpengine.io	WILDCARD	In Scope	19:08
Added	nitropack plugins	OTHER	In Scope	19:08
Added	https://getflywheel.com/schedule-a-demo	URL	Out of Scope	19:08
Added	*.wpesvc.net	WILDCARD	In Scope	19:08
Added	wp engine-developed wordpress plugins and themes	OTHER	In Scope	19:08
Added	*.deliciousbrains.com	WILDCARD	In Scope	19:08
Added	*.studiopress.com	WILDCARD	In Scope	19:08
Added	app.getflywheel.com	URL	In Scope	19:08
Added	https://nitropack.io	URL	In Scope	19:08
Added	spressforumstg.wpengine.com	URL	In Scope	19:08

Feb 22, 2026

Change	Asset	Category	Scope	Time
Added	wp engine-developed wordpress plugins and themes	OTHER	In Scope	00:49
Added	*. advancedcustomfields.com	WILDCARD	In Scope	00:49
Added	app.getflywheel.com	URL	In Scope	00:49
Added	https://wpengine.com/contact	URL	Out of Scope	00:49
Added	*.wpengine.io	WILDCARD	In Scope	00:49
Added	my.wpengine.com	URL	In Scope	00:49
Added	wpengine.com	URL	In Scope	00:49
Added	studiopress.blog	URL	In Scope	00:49
Added	*. bettersearchreplace.com	WILDCARD	In Scope	00:49
Added	*.deliciousbrains.com	WILDCARD	In Scope	00:49
Added	*.studiopress.com	WILDCARD	In Scope	00:49
Added	getflywheel.com	URL	In Scope	00:49
Added	nitropack plugins	OTHER	In Scope	00:49
Added	spressforumstg.wpengine.com	URL	In Scope	00:49
Added	*.wpesvc.net	WILDCARD	In Scope	00:49
Added	https://nitropack.io	URL	In Scope	00:49
Added	https://getflywheel.com/schedule-a-demo	URL	Out of Scope	00:49

Feb 21, 2026

Change	Asset	Category	Scope	Time
Added	*. advancedcustomfields.com	WILDCARD	In Scope	18:51
Added	*. bettersearchreplace.com	WILDCARD	In Scope	18:51
Added	*.deliciousbrains.com	WILDCARD	In Scope	18:51
Added	*.studiopress.com	WILDCARD	In Scope	18:51
Added	*.wpengine.io	WILDCARD	In Scope	18:51
Added	*.wpesvc.net	WILDCARD	In Scope	18:51
Added	app.getflywheel.com	URL	In Scope	18:51
Added	getflywheel.com	URL	In Scope	18:51
Added	https://nitropack.io	URL	In Scope	18:51
Added	my.wpengine.com	URL	In Scope	18:51
Added	nitropack plugins	OTHER	In Scope	18:51
Added	spressforumstg.wpengine.com	URL	In Scope	18:51
Added	studiopress.blog	URL	In Scope	18:51
Added	wp engine-developed wordpress plugins and themes	OTHER	In Scope	18:51
Added	wpengine.com	URL	In Scope	18:51
Added	https://getflywheel.com/schedule-a-demo	URL	Out of Scope	18:51
Added	https://wpengine.com/contact	URL	Out of Scope	18:51