Bug Bounty Program – www.TubeWay.io

At Tubeway, we take the security of our users and systems seriously. We welcome ethical hackers and security researchers to help us identify and responsibly disclose vulnerabilities so we can fix them quickly and protect our community.

Scope

In Scope
The following are within the scope of this program:

  • https://www.tubeway.io (Main WordPress website)
  • WordPress plugins and themes installed by us (custom or third-party)
  • Contact forms, login areas, and account-related functionality

Out of Scope:

  • Subdomains not listed above
  • Third-party services not under our control (e.g., payment processors, hosting providers)
  • Social engineering attacks
  • Denial of Service (DoS), brute force, or spam attacks
  • Automated scanning tools without prior consent

Accepted Vulnerabilities

We are particularly interested in:

  • Cross-site scripting (XSS)
  • SQL injection
  • Remote code execution (RCE)
  • Privilege escalation
  • Unauthorized access to sensitive data
  • Authentication or session flaws
  • CSRF affecting critical actions

Not Accepted:

  • Self-XSS
  • Clickjacking on non-sensitive pages
  • Missing HTTP security headers (unless exploitable)
  • Software version disclosure without an associated exploit
  • Best practices or theoretical issues with no actual security impact

Rules of Engagement

To be eligible for a reward, you must:

  • Act in good faith and avoid privacy violations or data destruction
  • Not modify or delete content or data
  • Not perform testing that could disrupt services
  • Report the issue to us privately and promptly
  • Allow us reasonable time to investigate and fix the issue before public disclosure
  • Only test accounts and content you control

Rewards:

  • We currently offer recognition and, in some cases, discretionary rewards (swag, thank-you notes, or small bounties, typically €50–€300 depending on severity).
  • Note: Monetary rewards are not guaranteed and depend on the impact, exploitability, and quality of your report.

How to report?

Send detailed reports to: security@tubeway.io

Please include:

  • A clear description of the vulnerability
  • Steps to reproduce (screenshots, PoC code, video if needed)
  • Affected URLs or components
  • Potential impact and suggested mitigation (optional but appreciated)

We will acknowledge your report within 5 business days and aim to resolve valid issues within 30 days.
