Western Union

  • $100 – $3,000 per vulnerability

Program stats

  • Vulnerabilities rewarded 537
  • Validation within 11 days 75% of submissions are accepted or rejected within 11 days
  • Average payout $311.11 within the last 3 months

Latest hall of famers

Recently joined this program

2966 total

Western Union is a financial services and communications company based in the United States.

In general, Western Union adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization of findings, but they do reserve the right to alter priority on a case-by-case basis. Any submission where the priority is altered will be accompanied by an explanation from the Western Union team.

Note on special domains: The following transaction/core domains below will have higher rewards due to their sensitivity:

Testing Headers

Please include the following headers in all server requests. This will not affect the responses to your activity, but allows Western Union to identify Researcher testing activity and avoid IP blocking.

  • Required X-Request-Purpose: Bugcrowd
  • Optional X-Bugcrowd-Ninja: [username]

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.