At TNW, we appreciate the effort of the community and our readers to help us find security issues and vulnerabilities in our site. These vulnerabilities include (but not only):

  • User data leaks.
  • CSRF exploits.
  • Cross-site scripting.
  • Access into secured areas of the website.
  • SQL injection.
  • Remote code execution.

Some things we won’t consider (sorry) are:

  • Bugs that do not represent any security risk.
  • Software version disclosure.
  • Results of automated tools or scanners.
  • Missing security-related HTTP features which do not lead directly to a vulnerability.
  • Denial of Service and brute force attacks.
  • Upstream bugs (WordPress core, for example). They should be reported here instead:

If you think you’ve found one of these vulnerabilities or exploits, please get in touch as soon as possible with us at [email protected] We’ll take a look at the problem, and if we acknowledge the issue, we’ll offer you a coupon to spend in our online marketplace

Of course, some conditions apply:

  • Share with us the full details of any problem found, including steps to reproduce it.
  • Do not tell anyone else about the issue until we’ve acknowledged and fixed the issue.
  • Do not intentionally harm the experience or usefulness of the service to others.
  • Do not access, modify or damage any data belonging to others.

In short, only “White Hat” behaviour will be rewarded. Happy hacking!