Presspage takes its security seriously, and welcomes vulnerability reports at cvd [at] presspage [dot] com. At present, there is no bug bounty program in place, and we have no plans to implement one.
Per our Terms & Conditions, testing our production environment is prohibited. That said, if you come across a vulnerability anyway, we want to hear about it.
Please provide a report that includes steps to reproduce. Screenshots, videos and/or scripts are very welcome.
Out of scope are the following:
- DDoS and brute-force attacks
- Third-party services
- Social engineering
- Anything leading to data loss, data changes, or degraded performance.
Note that you may not test the newsrooms of customers without explicit written permission.