Memlist.se Vulnerability Reward Program #

At Memlist, security is our top priority. We invite security researchers and ethical hackers to help us identify and resolve vulnerabilities that could impact our users. Through our Vulnerability Reward Program (VRP), we reward responsible disclosures that help improve our platform’s security.

Scope of the Program #

We are particularly interested in vulnerabilities related to:

• Member Authentication Overrides – Any method that allows unauthorized access to user accounts.
• Administration Authentication Overrides – Unauthorized access to admin panels or elevated privileges.
• Data Leaks – Exposure of sensitive member or company data due to misconfigurations, leaks, or exploits.

Reward Structure #

Rewards are granted based on the severity and impact of the vulnerability, following industry-standard severity ratings. The maximum reward is 13,337 SEK for critical vulnerabilities with significant security risks.

Eligibility & Responsible Disclosure #

• Do not perform attacks that may disrupt services or affect other users.
• Do not access, modify, or delete any data beyond what is necessary to demonstrate the vulnerability.
• Report vulnerabilities privately and allow us reasonable time to fix the issue before public disclosure.

Exclusions #

The following are out of scope:

• Social engineering or phishing attacks.
• Denial of Service (DoS) or rate-limiting issues.
• Vulnerabilities requiring physical access to devices.
• Source code and packages which we do not maintain, such as WordPress. These should be reported to the developers of that particular software.

How to Report #

To report a vulnerability, send a detailed report to support@memlist.se, including:

• Steps to reproduce the issue.
• Potential impact assessment.
• Any supporting proof-of-concept or screenshots.

We appreciate your help in keeping Memlist.se secure and look forward to working with the security community!