Public WePay bug reports.
4,419 Bug Reports - $2,030,173 Paid Out
Last Updated: 12th September, 2017
| Team | Bounty | Title |
|------|--------|-------|
| WePay | $200 | Enumeration of registered email addresses using bruteforce search on userIds |
| WePay | $250 | Invited users can modify and/or remove account owner |
| WePay | $150 | 2-step Verification bypass |
| WePay | $100 | Unauthenticated Stored XSS in API Panel |
| WePay | $100 | Subdomain Takeover in http://staging.wepay.com/ pointing to Fastly |
| WePay | - | Broken Authentication – Session Token bug |
| WePay | $350 | Horizontal Privilege Escalation |
| WePay | $350 | Critical : Account removing using CSRF attack |
| WePay | - | CSRF (Make email primary) may lead to account compromise |
| WePay | - | oauth redirect uri validation bug leads to open redirect and account compromise |
| WePay | $100 | Unauthorized Access via Join Email Link |
| WePay | $150 | CSRF on email address operations. Also performing unintended operations. |
| WePay | $500 | Session Fixation |
| WePay | - | Typical form vulnerable to csrf attack |
| WePay | - | CSRF & Nonce Token Weak Implementation |
| WePay | $300 | Open Redirect |
| WePay | - | Sensitive settings need Re authentication |
| WePay | $100 | Session fixation in wepay.com |