RebelMouse’s Security Bug Bounty Program

At RebelMouse, the security and privacy of our clients is of the utmost importance. We work around the clock to maintain an infrastructure that's secure and shielded from any potential vulnerabilities.

To strengthen our commitment to security, RebelMouse offers a bug bounty program. If you believe you've found a security issue on our site, or any of the sites we power, we may compensate you for your discovery. We look at all submitted reports, and if we agree that it's a valid finding, we'll pay $250 for each one.

Here's more information about what qualifies as a security vulnerability and how to report a bug:


Qualifying Vulnerabilities

To classify vulnerabilities, we use the OWASP Top 10, which is published and maintained by the Open Web Application Security Project (OWASP), as a guideline. This includes:

  • Remote Code Execution (RCE)
  • SQL Injection
  • Local/Remote File Inclusion (LFI/RFI)
  • XML External Entity (XXE)
  • Broken Authentication (2FA Bypass, etc.)
  • Sensitive Data Exposure
  • Cross-Site Scripting (XSS)
  • Security Misconfiguration
  • Using Components With Known Vulnerabilities (With Examples)
  • Server-Side Request Forgery (SSRF)
  • Cross-Site Request Forgery (CSRF)
  • Insecure Direct Object References (IDOR)
  • Flood-Control Bypass
  • Privacy Bypass
  • Other Injections

Non-Qualifying Vulnerabilities

  • Reports from security scanners and other automated systems
  • Vulnerability reports based solely on software/protocol versions without a valid proof of concept
  • Reports about missing protection mechanisms or mismatched recommendations (for example, the absence of a CSRF token) without referring to a concrete negative consequence
  • Logout CSRF
  • Self-XSS
  • Framing
  • Clickjacking
  • Reports about Open Redirect
  • IDN homograph attacks
  • Attacks that require complete access to a user's page or browser profile
  • Vulnerabilities within third-party services

Strictly Prohibited

  • DDoS attacks
  • Social engineering
  • Gaining physical access to the servers/infrastructure
  • Threats/Harm to company employees

Moreover, such actions will be prosecuted to the fullest extent of the law, without exception.

Report Recommendations

When writing your report, be sure to include the following to increase your chances of receiving a reward:

  • The domain containing the vulnerability
  • The type of vulnerability
  • Examples of exploiting it, captured by screenshots or screencasts
  • Methods of reproducing the vulnerability
  • What impact the vulnerability has
  • Recommendations for fixing the vulnerability

Rewards

  • The standard reward is $250 USD per bug/vulnerability
  • The reward will only be given to the first researcher who reports a previously unknown vulnerability
  • We consider the exploitation of discovered vulnerabilities to be extremely unethical, and we will not provide a reward in such cases

Domains That Are Out of Scope

  • *.rbl.ms (except static.rbl.ms and res.rbl.ms)
  • *.rebelmouse.com (except www.rebelmouse.com)

If you have a security bug to submit to our program, please email bugbounty@rebelmouse.com for a submission form. Once the issue is evaluated and deemed to be valid, we will contact you about your reward. Good luck hunting!
