Report a vulnerability

We want to keep our platform safe for our clients, and you can play a big part in this. If you are an ethical hacker or security researcher, we welcome relevant information about security vulnerabilities in our platform. Depending on the severity of the vulnerability, we may offer a monetary reward of between $100 and $1,250. Here is a breakdown of the rewards we offer:

| Category | Examples | Reward |
| --- | --- | --- |
| Remote code execution/database access | SQL injection; PHP injection; Terminal command injection | $1,250 |
| Logic flaw bugs leaking or bypassing significant security controls | User or admin impersonation; Deleting/updating data of other accounts; Accessing sensitive data of other accounts | $750 |
| Impersonating Easy LMS | Email spoofing | $500 |
| Execute code on the browser of another admin or participant | Cross-site scripting (XSS injection) | $250 |
| Other valid security vulnerabilities | Missing CSRF validation; Data extraction through polling; Missing Captcha | $100 |

How to submit a security report

You will need to submit your security report by sending a message to bugbounty@easy-lms.com. Include the following in your message:

  • An explanation of the vulnerability backed up with proof, such as screenshots or snippets of code.
  • Steps to validate or reproduce the issue.

Our validation process is straightforward from the moment you submit your report:

  • Our team of software engineers will review it.
  • We will email you to let you know if your report is accepted or rejected.
  • If the report is accepted by our team, you will receive payment through PayPal.

Out of scope

Although we appreciate your time and effort, there are reasons why we could reject your contribution, like:

  • It is already a known issue for us.
  • It is only best practice.
  • It is not deemed a vulnerability.

Contact us

For more information or to report a vulnerability, email bugbounty@easy-lms.com. We will respond as soon as possible.