Infrastructure and Security

RebelMouse’s Security Bug Bounty Program

RebelMouse’s Security Bug Bounty Program

At RebelMouse, the security and privacy of our clients is of the utmost importance. We work around the clock to maintain an infrastructure that's secure and shielded from any potential vulnerabilities. Click here to learn more.

To strengthen our commitment to security, RebelMouse offers a bug bounty program. If you believe you've found a security issue on our site, or any of the sites we power, we may compensate you for your discovery. We look at all submitted reports, and if we agree that it's a valid finding, we'll pay $250 for each one.

Here's more information about what qualifies as a security vulnerability and how to report a bug:

Qualifying Vulnerabilities

To classify vulnerabilities, we use the OWASP Top 10 as a guideline, which is published and maintained by The Open Web Application Security Project (OWASP). This includes:

  • Remote Code Execution (RCE)
  • SQL Injection
  • Local-Remote File Inclusion (LFI/RFI)
  • XML External Entity (XXE)
  • Broken Authentication (2FA Bypass, etc.)
  • Sensitive Data Exposure
  • Cross-Site Scripting (XSS)
  • Security Misconfiguration
  • Using Components With Known Vulnerabilities (With Examples)
  • Server-Side Request Forgery (SSRF)
  • Сross-Site Request Forgery (CSRF)
  • Insecure Direct Object References (IDOR)
  • Flood-Control Bypass
  • Privacy Bypass
  • Other Injections

Non-Qualifying Vulnerabilities

  • Reports from security scanners and other automated systems
  • Vulnerability reports based solely on software/protocol versions without a valid proof of concept
  • Reports about missing protection mechanisms or mismatched recommendations (for example, the absence of a CSRF token) without referring to a concrete negative consequence
  • Logout CSRF
  • Self-XSS
  • Framing
  • Clickjacking
  • Reports about Open Redirect
  • IDN homograph attacks
  • Attacks that require complete access to a user's page or browser profile
  • Vulnerabilities within third-party services

Strictly Prohibited

  • DDoS attacks
  • Social engineering
  • Gaining physical access to the servers/infrastructure
  • Threats/Harm to company employees

Moreover, such actions will be prosecuted to the fullest extent of the law, without exception.

Report Recommendations

When writing your report, be sure to include the following to increase your chances of receiving a reward:

  • The domain containing the vulnerability
  • The type of vulnerability
  • Examples of exploiting it, captured by screenshots or screencasts
  • Methods of reproducing the vulnerability
  • What impact the vulnerability has
  • Recommendations for fixing the vulnerability


  • The standard reward is $250 USD per bug/vulnerability
  • The reward will only be given to the first researcher that reports a previously unknown vulnerability
  • We consider the exploitation of discovered vulnerabilities to be extremely unethical, and we will not provide a reward in such cases

Domains That Are Out of Scope

  • * (except and
  • * (except

If you have a security bug to submit to our program, please email for a submission form. Once the issue is evaluated and deemed to be valid, we will contact you about your reward. Good luck hunting!

What Is RebelMouse?
Request a Proposal
subscription model for publishers
Rebel Insights

In 2023, Publishers Take Back Control With Subscription Success

Users are ready to pay for content that delivers

The Rise of the Mature User

It's been a long and winding path, but in 2023 the subscription model continues its upward trajectory as a top revenue strategy for publishers of all sizes. The tug of war between platforms and publishers reached its peak in the last few years of the previous decade, leaving users desperate for a modern user experience that's clear of any clutter from the duopoly that is Google and Facebook. This is why intelligent paywall models are a top choice for users looking to consume content right from the source. When done correctly, the strategy can work for any type of media. The New York Times, a frequent showpiece example of the power of paywalls, is constantly reporting record-busting subscription numbers, with 7.6 million digital subscriptions in 2021.

And it all makes perfect sense. The subscription model eliminates the middleman — such as the platforms — so readers get the experience and content they want, and publishers get the cash they need.

Keep reading...Show less
Meet the RebelMouse Platform: The Highest Performing CMS on the Web
Rebel Insights

Meet the RebelMouse Platform: The Highest Performing CMS on the Web

Make sure your site is set up for success in 2022.

In the spring of 2020, Google let the world know that its Core Web Vitals would become the new benchmark for measuring a site's performance in its search results, known as the page experience update. Fast forward to more than a year later in August 2021 when, after much anticipation, Google's page experience update became official.

Since its rollout, developers have felt the impact of how their publishing platforms stack up against the new standard. Important decisions around the architecture of your site can now make or break your site's performance in the eyes of Google.

HTTP Archive, a tracking platform that crawls the web to identify trends and record historical patterns, frequently reports on how top content management systems (CMS) have weathered the page experience update through the creation of its Core Web Vitals Technology Report. RebelMouse has consistently outperformed major CMS platforms on Google's most critical metrics throughout the year:

Getting superior scores on Google's performance benchmarks isn't easy, either. The Ahrefs blog analyzed Core Web Vitals data from the Chrome User Experience Report (CrUX), which is data from actual Chrome users, to see how the web stacks up against Core Web Vitals. Their study found that only 33% of sites on the web are passing Core Web Vitals.

data from Ahrefs tracked on a line chart finds that shows only 33% of sites on the web pass Google's Core Web VitalsFrom Ahrefs.

Luckily, performing well on Core Web Vitals is possible with thoughtful, strategic changes to your site’s codebase. Here's what you need to know and how we can help.

Keep reading...Show less
Interested in a Free Website Health Check?Check Your
Website's Health
Get Your Free Analysis Now