Alhamdulillah! In July 2025, I had the opportunity to contribute to the security of the WordPress ecosystem by responsibly reporting vulnerabilities through the Patchstack Bug Bounty Program.

Throughout the month, I identified and reported 22 security vulnerabilities across 21 different WordPress plugins. Each of these findings was responsibly disclosed so developers could address the issues before they posed any risk to millions of WordPress users worldwide.

I also hold the 16th position on the All-Time Leaderboard among top security researchers worldwide.

📊 My July 2025 Stats

• Total Vulnerabilities Reported: 22

• Total Plugins Affected: 21

• Monthly Leaderboard Position: 7th Place 🎉

You can view my researcher profile and reports here: My Patchstack Profile.

Why This Matters

WordPress powers over 40% of the internet, and plugins are at the heart of its ecosystem. Unfortunately, a single overlooked vulnerability can open the door for attackers to compromise thousands of websites.

By responsibly reporting vulnerabilities, I aim to:

• Strengthen the overall WordPress ecosystem.

• Protect website owners and users from security threats.

• Support plugin developers in improving their code.

Looking Ahead

Security research is an ongoing journey. I’ll continue exploring the WordPress ecosystem, reporting vulnerabilities, and contributing to the global effort of making the web a safer place inShaAllah.

If you found this post helpful, consider buying me a coffee. It keeps me writing!