Found a security issue or vulnerability in LifterLMS or any of our related codebases? Please let us know by submitting a vulnerability report to our Vulnerability Disclosure Platform on the Bugcrowd Platform.

Before submitting any reports, please take the time to familiarize yourself with our guidelines as described in the program brief and details.


All vulnerability disclosure must be submitted on the Bugcrowd platform. Following the submission of a vulnerability, we will communicate you about your report exclusively through Bugcrowd.

Do not submit vulnerability reports on any of our GitHub repositories, support forms, or via email or direct message.


At this time we are not issuing monetary rewards for vulnerability reports.

If you are a verified researcher on the Bugcrowd platform, accepted reports will be credited to your Bugcrowd account.

We will provide you with credit for reports with your name (and an optional link) in our changelog when the reported issue is remediated.

Targets, Scope, and Program Details

All information about the program scope, eligible and ineligible targets, and program details are all available at

Eligibility and Responsible Disclosure

You are responsible for complying with all applicable laws and must only ever use or otherwise access your own test accounts when researching vulnerabilities in any of our products, services, or codebases. Access to, or modification of user data is explicitly prohibited without prior consent from the account owner.

Policy Changelog

  • October 25, 2022 at 8:51am
    • The VDP on Bugcrowd is now an open, public program.
    • Removed redundant information from this page in favor of information described in the program brief at
    • Removed the embedded vulnerability report submission form.
  • July 20, 2020 at 8:44am
    • Removed BugCrowd invitation request due to spam and abuse.
  • July 14, 2020 at 10:27am
    • Policy guidelines and targets removed to reduce duplicated information between our program at
  • July 27, 2020 at 2:23pm
    • Program reopened, accepting reports through Bugcrowd
    • Monetary rewards removed in favor of Kudos
  • May, 28, 2020 at 8:57am
    • Submission of reports placed on temporary hold.