Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
plusgrade-vdp-pro
5
In Scope
2
Out of Scope
In-Scope Assets (5)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.points.com | URL | No | ||
| *.upgrd.co | URL | No | ||
| Additional scope included under resources tab | URL | No | - | |
| https://www.plusgrade.com/ | URL | No | ||
| https://www.upstay.tech | URL | No |
Out-of-Scope Assets (2)
| Asset | Category | Bounty | |
|---|---|---|---|
| Anything not explicitly listed as in-scope | URL | No | |
| Partner Website & Applications | URL | No |
Scope Changes (35)
Mar 5, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | additional scope included under resources tab | URL | In Scope | 23:51 |
| Added | https://www.plusgrade.com/ | URL | In Scope | 22:36 |
| Added | https://www.plusgrade.com/ | URL | In Scope | 22:36 |
| Added | https://www.upstay.tech | URL | In Scope | 22:36 |
| Added | *.upgrd.co | URL | In Scope | 22:36 |
| Added | additional scope included under resources tab | URL | In Scope | 22:36 |
| Added | *.points.com | URL | In Scope | 22:36 |
| Added | partner website & applications | URL | Out of Scope | 22:36 |
| Added | anything not explicitly listed as in-scope | URL | Out of Scope | 22:36 |
| Added | https://www.upstay.tech | URL | In Scope | 22:36 |
| Added | *.upgrd.co | WILDCARD | In Scope | 22:36 |
| Added | *.points.com | WILDCARD | In Scope | 22:36 |
| Added | partner website & applications | URL | Out of Scope | 22:36 |
| Added | anything not explicitly listed as in-scope | URL | Out of Scope | 22:36 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | additional scope included under resources tab | URL | In Scope | 20:33 |
| Added | https://www.plusgrade.com/ | URL | In Scope | 19:18 |
| Added | https://www.upstay.tech | URL | In Scope | 19:18 |
| Added | anything not explicitly listed as in-scope | URL | Out of Scope | 19:18 |
| Added | *.points.com | WILDCARD | In Scope | 19:18 |
| Added | partner website & applications | URL | Out of Scope | 19:18 |
| Added | *.upgrd.co | WILDCARD | In Scope | 19:18 |
| Added | *.points.com | WILDCARD | In Scope | 17:18 |
| Added | partner website & applications | URL | Out of Scope | 17:18 |
| Added | anything not explicitly listed as in-scope | URL | Out of Scope | 17:18 |
| Added | https://www.plusgrade.com/ | URL | In Scope | 17:18 |
| Added | https://www.upstay.tech | URL | In Scope | 17:18 |
| Added | *.upgrd.co | WILDCARD | In Scope | 17:18 |
| Added | additional scope included under resources tab | URL | In Scope | 17:18 |
| Added | https://www.plusgrade.com/ | URL | In Scope | 17:18 |
| Added | https://www.upstay.tech | URL | In Scope | 17:18 |
| Added | *.upgrd.co | URL | In Scope | 17:18 |
| Added | additional scope included under resources tab | URL | In Scope | 17:18 |
| Added | *.points.com | URL | In Scope | 17:18 |
| Added | partner website & applications | URL | Out of Scope | 17:18 |
| Added | anything not explicitly listed as in-scope | URL | Out of Scope | 17:18 |