Bug bounty program, reward for bugs reporting

We offer compensation for reporting bugs that you have found at cleantalk.org or our plugins. The rates are below,

  • Public accessible internal data $25.
  • Directory Listing Enabled (depending on the data being disclosed; reports on this vulnerability are accepted if critical data is detected (passwords, backups, etc.)) 10$.
  • Account Takeover 35$
  • Insecure direct object reference (IDOR) to sensitive data exposure 15-50$
  • Stored XSS $20 access over not GET request.
  • Stored XSS $50.
  • XML external entity (XXE) injection 50$
  • LFI/RFI (File Inclusion Vulnerabilities)75$
  • Possible Blind SQL injection $75.
  • Possible SQL injection $150.
  • RCE (Remote Code Execution) 200-500$
  • Possible mass data leaking of users $250-$750.

If you discovered a bug please report us bugbounty@cleantalk.org. Each bug must be reported individually, and each report must include a POC video.

*The report will be reviewed within 3-4 business days and if the report you sent is approved, you will be contacted

*If you have sent a report and have not received a response to it, it means that your report has not been accepted

Was this information helpful?

Copied to clipboard