Help Secure Sensfrx, Earn Rewards

Join our Bug Bounty program to help identify security vulnerabilities in Sensfrx's platforms and integrations.

Your Security Partner

We value the contributions of security researchers who help keep Sensfrx's platforms secure.

Find a Bug

Discover security vulnerabilities within our defined scope.

Report Securely

Submit your findings through our secure reporting platform.

Verification

Our security team verifies and validates your submission.

Get Rewarded

Receive recognition and exclusive swag for valid reports.

Rewards & Recognition

We value the contributions of security researchers who help keep Sensfrx's platforms secure.

Limited Edition T-Shirts

Exclusive Sensfrx Bug Hunter t-shirts for valid vulnerability reports

Security Acknowledgment

Public acknowledgment of your contributions to Sensfrx's security

Hall of Fame

Get recognized on our security researcher hall of fame

Program Scope & Rules

Clear guidelines for security researchers

Domains & Web Applications

  • Customer dashboard (dashboard.sensfrx.ai)
  • API endpoints (api.sensfrx.ai)

Marketplace Integrations

  • Sensfrx WordPress plugin (latest version)
  • Sensfrx WooCommerce integration
  • Sensfrx WHMCS module
  • Sensfrx WISECP integration

Note: Please use development environments only. Never test on production unless you own it.

Vulnerability Types

Types of security issues we’re particularly interested in

Domains & Web Applications

  • Authentication bypasses
  • Weak password policies
  • Session management flaws

Injection Vulnerabilities

  • SQL injection
  • Cross-site scripting (XSS)
  • Command injection

Access Control

  • Insecure direct object references
  • Missing function-level access control
  • Privilege escalation

Data Exposure

  • Sensitive data exposure
  • Insecure API endpoints
  • Information leakage

Plugin Vulnerabilities

  • WordPress plugin security issues
  • WooCommerce integration flaws
  • WHMCS / WISECP module vulnerabilities

Configuration Issues

  • Security misconfiguration
  • Default credentials
  • Insecure default settings

Vulnerability Report Template

Please use this template when submitting vulnerability reports

When submitting a vulnerability to security@sensfrx.ai, please include the following information:

Frequently Asked Questions

Questions you might ask about our products and services.



You can submit your bug reports via email to security@sensfrx.ai. Make sure to include detailed reproduction steps, impact assessment, and any relevant screenshots or videos. Our security team will review your submission and respond accordingly.

We reward researchers for discovering security issues such as XSS, CSRF, SQL injection, authentication bypasses, authorization flaws, and other vulnerabilities that could impact our users' security or privacy. Vulnerabilities in our marketplace integrations (WordPress, WooCommerce, WHMCS, WISECP) are also eligible.

We aim to review all submissions within 5 business days. Complex issues may take longer to validate. You'll receive updates on the status of your report throughout the process.

No, please only test systems that are explicitly listed in our scope (*.sensfrx.ai domains and our marketplace integrations). Testing out-of-scope systems may violate our terms and applicable laws.

T-shirts are shipped within 30 days after a vulnerability is validated and fixed. We'll contact you for shipping details once your report qualifies for a reward.

Currently, our bug bounty program offers recognition and swag (t-shirts) as rewards. We do not offer monetary compensation at this time, but we highly value the contributions of security researchers and acknowledge them in our Hall of Fame.

We're currently working on implementing PGP encryption for our vulnerability reports. In the meantime, please avoid including highly sensitive information in your initial report. After we acknowledge your submission, we can establish a secure communication channel for sharing additional details if needed.

We are committed to the following response times:

  • Initial acknowledgment: Within 24 hours
  • Triage completion: Within 5 business days
  • Critical vulnerabilities: Begin remediation within 24 hours
  • High vulnerabilities: Begin remediation within 3 business days
  • Medium/Low vulnerabilities: Prioritized according to our security roadmap

We follow a coordinated disclosure process:

  • We request that you do not disclose the vulnerability publicly until we have had a chance to address it
  • Once a vulnerability is fixed, we will work with you to determine an appropriate disclosure timeline
  • We typically allow public disclosure 90 days after a fix has been deployed
  • We will acknowledge your contribution in our Hall of Fame and in any public disclosure

For testing our marketplace integrations:

  • WordPress/WooCommerce: We recommend setting up a local WordPress installation and installing our plugin from the WordPress repository
  • WHMCS: You can use the WHMCS demo environment with our module
  • WISECP: Contact us at security@sensfrx.ai for access to a test environment

Documentation for all integrations is available at docs.sensfrx.ai/integrations.

Ready to Start Hunting?

Join our community of security researchers and help us build a more secure Sensfrx platform
