Security Policy

We appreciate any vulnerabilities disclosed responsibly to River Security. Please see for information on how to report anything outstanding.

In advance, thank you for your service. If a bug report is considered in-scope and something River Security is looking to fix, we might reward bug bounty hunters with for example swag such as stickers, t-shirt/hoodie, challenge coin.

Known Issues or Wont Fix

  • Enumeration of files, posts, content via REST API, or WordPress functionality, is accepted and per our intentions.
  • Denial of Service attacks, for example resource-exhaustion via load.php.