.svg)
We extend our deepest gratitude to the ethical hackers and security researchers who have helped identify vulnerabilities, ensuring the Workpay platform remains secure for everyone.
| Date | Reporter | Severity | Classification | Status |
|---|---|---|---|---|
| 2026-02-25 | Jane Doe | Medium | OIDC Token Claim Validation | ✓ Fixed (2026-02-25) |
| 2025-09-12 | John Smith | High | Remote Code Execution (RCE) | ✓ Fixed (2025-09-14) |
| 2025-06-30 | AnonHacker | Low | Clickjacking / XSS | ✓ Fixed (2025-07-02) |
The exact date the vulnerability was responsibly disclosed to the Workpay security team.
Attribution to the security researcher. We respect requests to remain anonymous or use a pseudonym.
Rated as LOW, MEDIUM, or HIGH based on industry-standard risk rating methodologies (Impact vs. Likelihood).
The technical category of the exploit, outlined in our official Security Policy guidelines.
The resolution stage of the report, including the date a secure patch was successfully deployed.