Together, We Can Ensure a Safe Community

SoloSecurities Responsible Disclosure Policy

At SoloSecurities, the security and privacy of our systems and users are of the utmost importance. We are committed to maintaining the highest security standards and appreciate the work of security researchers who help us keep our platforms secure. We encourage responsible disclosure of vulnerabilities to ensure a safe and protected environment for all users.

How to Report a Security Issue

If you identify a security vulnerability on any of our platforms, please contact us immediately at security@solosecurities.com with the necessary details. To help us reproduce and understand the issue, include as much information as possible, such as:

  • A clear description of the vulnerability
  • Step-by-step instructions or proof of concept (screenshots, videos, etc.)
  • Impact of the vulnerability (if applicable)

If you plan to publicly disclose the vulnerability, we ask for adequate time to resolve the issue before such information is made public. Our security team will work closely with you to agree on a reasonable timeline for mitigation.

Please avoid exploiting the vulnerability, especially if it could compromise user data or system integrity. Only responsible disclosures will be considered, and the exploitation of vulnerabilities for malicious purposes may result in legal action.

Scope of Vulnerabilities

The following website endpoints are in scope for vulnerability reporting:

  • *.solosecurities.com
  • *.solosecurities.in

Accepted Categories:

  • SQL Injection (SQLi)
  • Authorization and Authentication Flaws
  • Cross-Site Scripting (XSS)
  • Access Control Issues
  • Gaining Unauthorized Access to Other User Accounts
  • Sensitive Data Exposure
  • Vulnerabilities Affecting User Data and Financial Transactions

Out of Scope:

  • DoS & DDoS Attacks
  • Rate Limiting on Forms
  • Clickjacking
  • Email Bombing
  • Open Redirects
  • WordPress User Enumeration (Author Disclosure, REST API user leaks, etc.)
  • Clickjacking (on pages without sensitive actions)
  • Host Header Injection without Impact
  • Self-XSS (Requires user interaction in their own browser)
  • Disclosing Publicly Available Information (robots.txt, headers, etc.)
  • Automated Scan Reports without Proof of Exploitation
  • Vulnerabilities Requiring Outdated Browsers or Operating Systems

What We Expect from You

  • Confidentiality: Please report vulnerabilities responsibly by not sharing them with others until the issue is resolved.
  • No Exploitation: Do not exploit any discovered vulnerabilities to compromise user data, system performance, or integrity.
  • Patience: Allow us a reasonable amount of time to investigate and fix the vulnerability before public disclosure.

Acknowledgements and Recognition

While we do not offer cash rewards for disclosed vulnerabilities, we greatly appreciate the contributions of the security community. For valid and ethical disclosures, we will publicly acknowledge your efforts (with your consent) in the Hall of Fame section of our website.

Rewards

Currently, we do not offer monetary rewards for vulnerabilities. However, if your submission is valid, we will send you a token of our appreciation in the form of “AWESOME SWAG.”

HALL OF FAME

2025

Your Name Could Be Here!