Bug bounty program: rewards for reporting bugs
We offer compensation for reporting bugs that you have found at cleantalk.org or in our plugins. The rates are listed below:
- Publicly accessible internal data: $25.
- Directory listing enabled (depending on the data being disclosed; reports on this vulnerability are accepted if critical data, such as passwords or backups, is detected): $10.
- Account takeover: $35.
- Insecure direct object reference (IDOR) leading to sensitive data exposure: $15-$50.
- Stored XSS accessed via a non-GET request: $20.
- Stored XSS: $50.
- XML external entity (XXE) injection: $50.
- LFI/RFI (file inclusion vulnerabilities): $75.
- Possible blind SQL injection: $75.
- Possible SQL injection: $150.
- RCE (remote code execution): $200-$500.
- Possible mass leak of user data: $250-$750.
If you have discovered a bug, please report it to us at bugbounty@cleantalk.org. Each bug must be reported individually, and each report must include a POC video.
*The report will be reviewed within 3-4 business days, and if the report you sent is approved, you will be contacted.
*If you have sent a report and have not received a response to it, it means that your report has not been accepted.