Bug Bounty Program
Help us keep Wexio.io secure. Report security vulnerabilities responsibly and earn exclusive discount codes.
Program Scope
Our bug bounty program covers the following systems and services.
In Scope
- Web Application: Main Wexio.io web application (app.wexio.io)
- API Endpoints: REST and GraphQL APIs (api.wexio.io)
- Authentication: Login, registration, and session management
- Telegram Integration: Bot API and webhook handlers
Out of Scope
- Social engineering attacks on employees or users
- Physical security attacks on our offices or infrastructure
- Third-party services and integrations not owned by Wexio.io
- Denial of service (DoS/DDoS) attacks
- Spam or social engineering techniques against users
- Rate limiting or brute force protections
Reward Structure
Rewards are promotional discount codes based on the severity and impact of the vulnerability.
- Critical (Remote code execution, authentication bypass, data breach): 15% off, valid for 12 months
- High (Privilege escalation, stored XSS, IDOR): 10% off, valid for 12 months
- Medium (Reflected XSS, CSRF, information disclosure): 5% off, valid for 6 months
- Low (Security misconfigurations, minor issues): 3% off, valid for 3 months
How to Report
Follow these steps to submit a vulnerability report.
- Discover: Find a security vulnerability in our systems
- Document: Create a detailed report with proof of concept
- Submit: Send your report to security@wexio.io
- Wait: We'll review and validate within 24-48 hours
- Reward: Receive your bounty upon confirmation
Program Rules
- Report vulnerabilities responsibly and give us reasonable time to fix them before any disclosure
- Do not publicly disclose vulnerabilities until we have resolved them and given approval
- Do not access, modify, or delete data belonging to other users
- Use test accounts only - do not attempt to access real user data
- Submit one vulnerability per report for clear communication and proper tracking
Ready to Hunt?
Join our security research community and help make Wexio.io safer for everyone.