Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
lightspeed-retail
8
In Scope
9
Out of Scope
In-Scope Assets (8)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| https://app.ecwid.com/api/v3/ | URL | No | ||
| https://apps.apple.com/us/app/ecwid-ecommerce/id626731456 | IOS | No | - | |
| https://developers.vendhq.com/ | URL | No | ||
| https://payment-connectors.vendhq.com/ | URL | No | ||
| https://play.google.com/store/apps/details?id=com.ecwid.android&pli=1 | ANDROID | No | ||
| https://secure.vendhq.com | URL | No | ||
| https://store.retail.lightspeed.app | URL | No | ||
| https://www.vendhq.com/ | URL | No |
Out-of-Scope Assets (9)
| Asset | Category | Bounty | |
|---|---|---|---|
| https://support.ecwid.com/hc/en-us | OTHER | No | |
| https://www.ecwid.com/ | URL | No | |
| partnerportal.vendhq.com | URL | No | |
| partners.vendhq.com | URL | No | |
| track.api.vendhq.com | URL | No | |
| vendhq.force.com | URL | No | |
| vendimageuploadcdn.global.ssl.fastly.net | URL | No | |
| x-series-support.lightspeedhq.com | URL | No | |
| your-store.vendecommerce.com | URL | No |