Thank you for your interest in helping us improve the security of our open source products, websites and other properties.
We have created this Bug Bounty program to appreciate and reward your efforts.
Bug Bounty Reward Guidelines
All payouts are based on impact, and we reward accordingly. Be sure to highlight the impact of your findings in your submission. We are especially interested in, and will give special consideration to, exceptional reports that demonstrate a full system compromise.
Cyberchimps reserves the right to determine bounty amounts at its sole discretion. Rewards will only be granted to the first person to report a qualifying vulnerability.
Payout amounts may vary based on the severity of the issue and the quality of the report. Cyberchimps retains full discretion in making final decisions regarding bounties and rewards.
Products in Scope
- Responsive theme – WordPress Theme (https://wordpress.org/themes/responsive/)
- Responsive Addons for Elementor (https://wordpress.org/plugins/responsive-addons-for-elementor/)
- Responsive Plus – Starter Templates (https://wordpress.org/plugins/responsive-add-ons/)
- Responsive Blocks Plugin (https://wordpress.org/plugins/responsive-block-editor-addons/)
Qualifying Vulnerabilities
Any security vulnerability that can be reliably reproduced and poses a risk to user safety is likely to fall within the program’s scope. Typical examples include:
- XSS (Cross-Site Scripting)
- CSRF (Cross-Site Request Forgery)
- SSRF (Server-Side Request Forgery)
- RCE (Remote Code Execution)
- SQLi (SQL Injection)
Rewards for Your Contributions
Celebrate your contributions to improving our security while earning financial rewards.
All payouts are determined based on impact, and rewards will be given accordingly. Please highlight the impact in your submission. We are especially interested in, and will prioritize, exceptional submissions that lead to the full compromise of a system.
Payout threshold: Once your cumulative rewards reach $50, payouts will be processed to your preferred account.
Crafting a Report
If our team cannot reproduce and verify an issue, a bounty cannot be awarded. To help streamline our intake process, we ask that submissions include:
- Description of the vulnerability
- Steps to reproduce the reported vulnerability
- Proof of exploitability (e.g. screenshot, video)
- Perceived impact to another user or the organization
- Proposed CVSSv3 Vector & Score (without environmental and temporal modifiers)
- List of URLs and affected parameters
- Other vulnerable URLs, additional payloads, Proof-of-Concept code
- Browser, OS and/or app version used during testing
- Impact of the bug
To be considered, vulnerability reports must meet specific criteria. Reports based solely on automated tools, scanners, or theoretical attack descriptions without demonstrable proof of exploitability will not be accepted.
Guidelines for Responsible Testing
Participate ethically to maintain integrity and trust in the program.
- Perform testing responsibly without causing disruptions to our services or users.
- Do not exploit discovered vulnerabilities in any manner.
- Avoid public disclosures of issues before resolution by our team.
- Ensure compliance with all legal regulations and ethical testing practices.
Ensuring Your Protection
Submit reports in good faith without fear of legal action.
- Good-faith researchers acting ethically are protected from legal action.
- Ensure adherence to program guidelines to qualify for this protection.
- Your contributions will be valued and respected throughout the process.
Join Our Mission for Security
Your skills can make a significant impact on improving user safety.
Become a valued member of our Bug Bounty Program and make the web safer.
For queries or to start reporting, reach out to us at support@cyberchimps.com.
Start contributing today and help us maintain a secure and trustworthy platform.
