Bug Bounty Program
Join the Post Affiliate Pro Bug Bounty Program, report security vulnerabilities responsibly, and get rewarded for helping to keep the platform secure.
Post Affiliate Pro aims to keep its service safe for everyone, and data security is of utmost importance. If you are a security researcher and have discovered a security vulnerability in the Service, we appreciate your help in disclosing it to us privately and giving us an opportunity to fix it before publishing technical details.
Post Affiliate Pro will engage with security researchers when vulnerabilities are reported to us as described here. We will validate, respond, and fix vulnerabilities in support of our commitment to security and privacy. We won’t take legal action against, suspend, or terminate access to the Service of those who discover and report security vulnerabilities responsibly. Post Affiliate Pro reserves all of its legal rights in the event of any noncompliance.
Reporting
Share the details of any suspected vulnerabilities with the Post Affiliate Pro Development Team at support@postaffiliatepro.com. Please do not publicly disclose these details outside of this process without explicit permission. In reporting any suspected vulnerabilities, please include as much information as possible. If you want to submit multiple reports at once, please submit only one report (the most important if possible) and wait for a response.
Compensation
As thanks to the security researchers who choose to participate in our bug bounty program, we are pleased to offer a bounty for vulnerability information that helps us protect our customers. The regular bounty reward is $100 per bounty submitted and verified by our dev team.
We will only reward the first reporter of a vulnerability. Any duplicate reports will not be rewarded.
Scope
You may only test against a Post Affiliate Pro Account for which you are the Account Owner or an Agent authorized by the Account Owner to conduct such testing. For example: yourdomain.postaffiliatepro.com
We will reward you for the following types of vulnerabilities:
- Remote Command Execution (RCE)
- SQL Injection
- Broken Authentication
- Broken Session Management
- Access Control Bypass
- Cross-Site Scripting (XSS)
- Open URL Redirection
- Directory Traversal
Reports in which an attacker can only threaten their own account will not be rewarded with a bounty. XSS caused by an Admin will not be rewarded with a bounty.
Frequently asked questions
- What is the Post Affiliate Pro Bug Bounty Program?
The Bug Bounty Program invites security researchers to find and report vulnerabilities in Post Affiliate Pro’s software and get rewarded for eligible and verified submissions.
- How much is the regular bounty reward?
The regular bounty reward is $100 for each unique vulnerability submitted and verified by the development team.
- How do I report a vulnerability?
Share details of any suspected vulnerabilities with the Post Affiliate Pro Development Team at support@postaffiliatepro.com, including as much information as possible.
- Will I be rewarded for duplicate reports?
No, only the first reporter of a vulnerability will be rewarded. Duplicate reports will not receive a bounty.
- Is responsible disclosure required?
Yes, vulnerabilities should be reported privately and not disclosed publicly before they are fixed, in accordance with the responsible disclosure policy.