
BigCommerce
- $50 – $2,500 per vulnerability
Reward bonuses for MLI BOPIS APIs
Hello everyone,
Hope you are having a great start to your 2023!!
We are pleased to announce that BigCommerce is offering bonuses starting now and ending on March 14th at 5pm PST! Throughout this period, the first three researchers to submit a P1 in the scope described below will receive a bonus of $1500 on top of the original bounty.
Below are the bonus details:
Priority/Bonus Qualifications | Previous Reward Range | New Reward Range |
---|---|---|
P1 in the scope defined below | $1500-$2500 | $3000-$4000 |
In Scope:
The following document talks about various APIs that are being powered
https://bigcommerce.stoplight.io/docs/api-beta-buy-online-pick-up-in-store/api-docs/overview (has to be your store)
Refer to the following article
https://support.bigcommerce.com/s/article/Store-API-Accounts?language=en_US
Within your admin panel (store-<hash>.mybigcommerce.com) the following URL paths that are impacted by the above APIs are in scope:
/manage/orders/*
/manage/settings/shipping/*
Out of Scope:
Vulnerabilities that occur because of a custom checkout or theme (this is the merchant’s responsibility).
Any other vulnerabilities reported are not included in the bonus program.
Note, bonuses are subject to change. If you have any questions, please reach out to support@bugcrowd.com.
Good luck and happy hunting!