Security Policy
We appreciate any vulnerabilities disclosed responsibly to River Security. Please see https://riversecurity.eu/.well-known/security.txt for information on how to report anything outstanding.
In advance, thank you for your service. If a bug report is considered in-scope and something River Security is looking to fix, we might reward bug bounty hunters with for example swag such as stickers, t-shirt/hoodie, challenge coin.
Known Issues or Wont Fix
- Enumeration of files, posts, content via REST API, or WordPress functionality, is accepted and per our intentions.
- Denial of Service attacks, for example resource-exhaustion via load.php.