Report Security Issues
Security Vulnerability Disclosure & Bug Bounty Program
At GameToy (gamewordtoys.com), we take the security and privacy of our users seriously. We appreciate the efforts of security researchers who help us identify and responsibly disclose potential vulnerabilities in our systems.
If you believe you have discovered a security vulnerability affecting our website, services, or infrastructure, we encourage you to report it responsibly by following the guidelines below.
Responsible Disclosure Guidelines
When reporting a security issue to gamewordtoys.com, we ask that you:
- Allow us reasonable time to investigate and resolve the reported vulnerability before publicly disclosing any related information.
- Do not access, modify, or interact with private user accounts or data without explicit permission from the account owner.
- Make a good-faith effort to avoid privacy violations, data destruction, service disruption, or degradation of our systems.
- Do not exploit any discovered vulnerability for any purpose, including attempting to access sensitive company or user data.
- Comply with all applicable laws and regulations during your research.
If these guidelines are followed, GameToy will not initiate legal action related to your report.
Bug Bounty Program
We recognize and value the contributions of security researchers who help improve the safety of our platform. In certain cases, we may offer monetary rewards for valid vulnerability reports.
All bounty decisions are made at the sole discretion of gamewordtoys.com, based on factors such as risk level, impact, and report quality.
To be eligible for a potential bounty, you must:
- Adhere to the Responsible Disclosure Guidelines outlined above.
- Report a genuine security vulnerability that poses a real security or privacy risk.
- Submit your report through our official security contact channel (please do not contact individual employees).
- Fully disclose any unintended access to confidential data or service disruption encountered during testing.
- Understand that report review times may vary depending on severity and volume.
- Acknowledge that we reserve the right to publish anonymized reports after resolution.
Rewards & Severity Levels
Bounty rewards are determined by the severity and impact of the vulnerability. The amounts listed below represent maximum potential rewards.
Critical Severity – up to £200
Vulnerabilities that allow:
- Remote code execution
- Privilege escalation to administrative access
- Financial theft or full account compromise
- Critical SQL injection vulnerabilities
High Severity – up to £100
Vulnerabilities that significantly affect platform security, including:
- Authentication bypasses
- Disclosure of sensitive internal information
- Cross-site scripting affecting other users
- Local file inclusion
- Insecure authentication handling
Medium Severity – up to £50
Vulnerabilities affecting multiple users with minimal interaction required, such as:
- Business logic flaws
- Insecure direct object references
Low Severity
Issues with limited impact or requiring significant user interaction, including:
- Open redirects
- Reflective XSS
- Low-sensitivity information disclosure
Additional Notes
- Reports must include clear, reproducible steps. Incomplete reports may not qualify for a reward.
- Duplicate reports are rewarded only once, based on the first valid submission.
- Multiple issues caused by the same underlying vulnerability are treated as a single report.
- All final reward decisions are made by gamewordtoys.com.
If you have identified a potential security issue, please contact us responsibly.
We appreciate your efforts in helping keep GameToy safe for everyone.