Western Union

Moving money for better

  • $100 – $3,000 per vulnerability
Submit report

Program stats

  • Vulnerabilities rewarded 477
  • Validation within 4 days 75% of submissions are accepted or rejected within 4 days
  • Average payout $1,200 within the last 3 months

Latest hall of famers

View all 909

Recently joined this program

2709 total

Western Union is a financial services and communications company based in the United States.

In general, Western Union adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization of findings, but they do reserve the right to alter priority on a case-by-case basis. Any submission where the priority is altered will be accompanied by an explanation from the Western Union team.

Note on special domains: The following transaction/core domains below will have higher rewards due to their sensitivity:

Testing Headers

Please include the following headers in all server requests. This will not affect the responses to your activity, but allows Western Union to identify Researcher testing activity and avoid IP blocking.

  • Required X-Request-Purpose: Bugcrowd
  • Optional X-Bugcrowd-Ninja: [username]

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.