Post Affiliate Pro Bug Bounty Program

Post Affiliate Pro aims to keep its service safe for everyone, and data security is of utmost importance. If you are a security researcher and have discovered a security vulnerability in the Service, we appreciate your help in disclosing it to us privately and giving us an opportunity to fix it before publishing technical details.

Post Affiliate Pro will engage with security researchers when vulnerabilities are reported to us as described here. We will validate, respond, and fix vulnerabilities in support of our commitment to security and privacy. We won’t take legal action against, suspend, or terminate access to the Service of those who discover and report security vulnerabilities responsibly. Post Affiliate Pro reserves all of its legal rights in the event of any noncompliance.

Reporting

Share the details of any suspected vulnerabilities with the Post Affiliate Pro Development Team at support@postaffiliatepro.com. Please do not publicly disclose these details outside of this process without explicit permission. In reporting any suspected vulnerabilities, please include as much information as possible. If you want to submit multiple reports at once, please submit only one report (the most important if possible) and wait for a response.

Compensation

As thanks to the security researchers who choose to participate in our bug bounty program, we are pleased to offer a bounty for vulnerability information that helps us protect our customers. The regular bounty reward is $50 per bounty submitted and verified by our dev team.

We will only reward the first reporter of a vulnerability. Any duplicate reports will not be rewarded.

Scope

You may only test against a Post Affiliate Pro Account for which you are the Account Owner or a merchant authorized by the Account Owner to conduct such testing. For example:

  • *yourdomain*.postaffiliatepro.com

We will reward you for the following types of vulnerabilities:

  • Remote Command Execution (RCE)
  • SQL Injection
  • Broken Authentication
  • Broken Session Management
  • Access Control Bypass
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Open URL Redirection
  • Directory Traversal

Reports in which an attacker can only threaten their own account will not be rewarded with a bounty. XSS caused by an Admin will not be rewarded with a bounty.
