Report Security Issues

If you’ve found a security vulnerability on Varawood.com, we encourage you to contact us immediately. We review all legitimate reports and aim to resolve issues as quickly as possible. Before reporting, please review this document, including our fundamentals, bounty program, reward guidelines, and non-reportable issues.


Fundamentals

If you follow the principles below when reporting a security issue to Varawood.com, we will not initiate legal action or enforcement investigations against you in response to your report.

We ask that:

  • You give us reasonable time to review and fix the issue before disclosing it publicly or sharing it with others.

  • You do not interact with or access private accounts without the account owner's consent.

  • You make a good-faith effort to avoid privacy violations, service disruptions, or data destruction.

  • You do not exploit the issue for any reason, including to demonstrate further risks or access sensitive data.

  • You comply with all applicable laws and regulations.


Bounty Program

We recognize and appreciate security researchers who help protect our platform by reporting vulnerabilities. Rewards may be granted at Varawood.com's discretion, based on risk, impact, and report quality.

To potentially qualify for a bounty, you must:

  • Follow the fundamentals listed above.

  • Report a valid security vulnerability that poses a risk to privacy or security.

  • Submit your report directly through our contact email rather than contacting individual employees.

  • Disclose any accidental privacy violations or service disruptions within your report.

  • Understand that while we review all valid reports, response time may vary depending on the severity and complexity of the issue.

  • Agree that we reserve the right to publish submitted reports if necessary.


Rewards

Rewards are determined based on the severity and impact of the vulnerability. Please provide detailed and reproducible steps in your report. If the issue cannot be reproduced, it may not be eligible for a reward.

  • The first valid report of an issue will receive the reward.

  • Multiple vulnerabilities caused by the same underlying issue may be treated as a single report.

  • Rewards are assessed based on impact, exploitability, and report quality.

The following are the maximum reward levels based on severity:

Critical Severity – Up to $200

Examples include:

  • Remote Code Execution

  • Remote Shell or Command Execution

  • Vertical Authentication Bypass

  • SQL Injection exposing sensitive data

  • Full account access vulnerabilities

High Severity – Up to $100

Examples include:

  • Lateral authentication bypass

  • Disclosure of sensitive internal data

  • Stored cross-site scripting (XSS) affecting other users

  • Local file inclusion vulnerabilities

  • Insecure authentication cookie handling

Medium Severity – Up to $50

Examples include:

  • Logic or business process flaws

  • Insecure object references

Low Severity – Recognition Only

Examples include:

  • Open redirects

  • Reflected cross-site scripting (XSS)

  • Low-sensitivity information leaks


Contact Information

Address:
131 Continental Dr
Suite 305
Newark, DE 19713
United States

Phone: +1 307 922-0655

Email: Contact@Varawood.com