Found a security issue or vulnerability in LifterLMS, our websites, or any related codebase? Please let us know by submitting a vulnerability report through our private vulnerability disclosure program powered by Bugcrowd. We strive to respond to all reports within 2 weeks and we’ll let you know a few things:

  • If the issue has been previously reported
  • Whether or not we consider it an issue

Any follow-up and communication about reports must be made through Bugcrowd.

Rewards

At this time we are not issuing monetary rewards for vulnerability reports.

If you are a verified researcher on the Bugcrowd platform, accepted reports will be credited to your Bugcrowd account.

We will provide you with credit for reports with your name (and an optional link) in our changelog when the reported issue is remediated.

Targets, Scope, and Program Details

All information about the program scope, eligible and ineligible targets, and program details is available at https://bugcrowd.com/lifterlms.

Note: if the above link results in a 404 error you must first be invited to the private program.

Eligibility and Responsible Disclosure

You are responsible for complying with all applicable laws and must only ever use or otherwise access your own test accounts when researching vulnerabilities in any of our products, services, or codebases. Access to, or modification of, user data is explicitly prohibited without prior consent from the account owner.

Report a Vulnerability

To best communicate with us about vulnerability reports, we recommend using your Bugcrowd account. You may use the form below to submit a report. Make sure to provide your Bugcrowd email address with the submission so you will be credited and be able to communicate with us about your report.

Policy Changelog

  • July 20, 2020 at 8:44am
    • Removed Bugcrowd invitation request due to spam and abuse.
  • July 14, 2020 at 10:27am
    • Policy guidelines and targets removed to reduce duplication of information with our program at https://bugcrowd.com/lifterlms
  • July 27, 2020 at 2:23pm
    • Program reopened, accepting reports through Bugcrowd
    • Monetary rewards removed in favor of Kudos
  • May 28, 2020 at 8:57am
    • Submission of reports placed on temporary hold.