
Western Union
- $100 – $3,000 per vulnerability
Western Union is a financial services and communications company based in the United States.
In general, Western Union adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization of findings, but they do reserve the right to alter priority on a case-by-case basis. Any submission where the priority is altered will be accompanied by an explanation from the Western Union team.
Note on special domains: The following transaction/core domains below will have higher rewards due to their sensitivity:
- https://www.westernunion.com
- https://ebanking.westernunionbank.com
- https://partnernet.westernunion.com
Testing Headers
Please include the following headers in all server requests. This will not affect the responses to your activity, but allows Western Union to identify Researcher testing activity and avoid IP blocking.
- Required X-Request-Purpose: Bugcrowd
- Optional X-Bugcrowd-Ninja: [username]
Scope and rewards
Program rules
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.