Bug bounty program, reward for bugs reporting
We offer compensation for reporting bugs that you have found at cleantalk.org or our plugins. The rates are below,
- Public accessible internal data $25.
- Directory Listing Enabled (depending on the data being disclosed; reports on this vulnerability are accepted if critical data is detected (passwords, backups, etc.)) 10$.
- Account Takeover 35$
- Insecure direct object reference (IDOR) to sensitive data exposure 15-50$
- Stored XSS $20 access over not GET request.
- Stored XSS $50.
- XML external entity (XXE) injection 50$
- LFI/RFI (File Inclusion Vulnerabilities)75$
- Possible Blind SQL injection $75.
- Possible SQL injection $150.
- RCE (Remote Code Execution) 200-500$
- Possible mass data leaking of users $250.
If you discovered a bug please report us bugbounty@cleantalk.org. Each bug must be reported individually, and each report must include a POC video.
*The report will be reviewed within 3-4 business days and if the report you sent is approved, you will be contacted
*If you have sent a report and have not received a response to it, it means that your report has not been accepted