Bug Bounty - Síň slávy

Found a bug or security issue in our project?
See https://app.certifix.eu/security.txt for more info

Hall of Fame

2024-05-26 - Pruthu Raut - MTA-STS record missing - 10,00 €
2024-05-17 - Himanshu Sondhi - SRI missing - 0,00 €
2024-05-17 - Himanshu Sondhi - Outdated jQuery library - 0,00 €
2023-12-25 - Mridul Rastogi - Password recovery process info leak - 0,00 €
2021-07-14 - Kiran Ghimire - Registration process logical issue - 0,00 €
2021-06-25 - Kunal Mhaske - Session expiration when changing password - 25,00 €
2021-01-18 - Prajwal Khante - HTML injection (XSS) with HTTP Referer header - 20,00 €
2020-12-09 - Zin Min Phyo - Filetype (mime/extension) confusion when uploading evidencing files - 15,00 €
Reported also by:
- 2020-12-22 - Akash Chauhan
2020-10-01 - Kinshuk Kumar - E-mail sent links not expiring - 15,00 €
2020-09-12 - Aditya Soni - crash in the password reset field using IDN homographic value - 10,00 €
2020-09-02 - Akshay Parse - user's fullname length was restricted too little - 5,00 €
2020-08-30 - Akshay Parse - registration process logical flaw - 15,00 €
Reported also by:
- 2023-12-25 - Milan Jain
2020-08-09 - Rashid P - WP-Cron exposal / DoS risk - 5,00 €
2020-08-08 - Kinshuk Kumar - missing DMARC policy on associated domain - 0,00 €
2020-08-07 - Sai ViNay Reddee - regression on session fixation - 10,00 €
2020-07-10 - Ronit Bhatt - hyperlink injection in user's name - 20,00 €
2020-07-08 - Keshav Malik - Account Lockout not Being Enforced - 25,00 €
2020-07-08 - Keshav Malik - password complexity not validated - 15,00 €
Reported also by:
- 2020-07-15 - Nishant N. Lungare
2020-07-06 - Keshav Malik - session fixation / invalidate user sessions on logout - 20,00 €
2020-07-02 - Akshay Parse - no rate limit on form submit actions - 25,00 €
Reported also by:
- 2020-07-06 - Keshav Malik
- 2020-07-06 - Ajaysen R
2020-07-01 - Aamir Usman Khan - stored XSS in document info - 20,00 €
2020-07-01 - Aamir Usman Khan - password length policy - 5,00 €
2020-06-28 - Bilal Abdul Muqeet - WP JSON API allowed for unauthenticated users - 10,00 €
2020-06-25 - Kunal Mhaske - invalidate all user sessions once the new password is set - 30,00 €
2020-05-14 - Kunal Mhaske - incorrect security on refererr, switched to origin-when-cross-origin - 25,00 €
2020-03-11 - Kunal Mhaske - email bombing on forgot password function - 10,00 €
2020-03-01 - Kunal Mhaske - missing DMARC policy on certifix.eu/certifix.cz - 10,00 €