At FL Baby Marketplace, we take security seriously. If you believe you have found a security vulnerability on our website or services, please report it to us immediately at admin@flbabymarketplace.com.

We review legitimate vulnerability reports and make reasonable efforts to resolve confirmed issues as quickly as possible.

Responsible Disclosure Guidelines

When researching or reporting a security issue, we ask that you follow these guidelines:

• Give us reasonable time to review and fix the issue before making any information public.
• Do not access, modify, delete, or disclose data that does not belong to you.
• Do not interact with private accounts unless you have explicit permission from the account owner.
• Make a good-faith effort to avoid privacy violations, data loss, service disruption, or degradation of our services.
• Do not exploit any vulnerability beyond what is necessary to demonstrate its existence.
• Do not violate any applicable laws or regulations.

How to Submit a Report

To help us review your report efficiently, please include the following information:

• A clear description of the vulnerability.
• Steps to reproduce the issue.
• The affected URL, page, feature, or endpoint.
• Any screenshots, proof-of-concept details, or supporting evidence.
• Your contact information so we can follow up if needed.

Bounty Program

FL Baby Marketplace may, at its sole discretion, recognize and reward security researchers who report valid vulnerabilities. Any bounty amount depends on the severity, impact, exploitability, and quality of the report.

Submitting a report does not guarantee a monetary reward. Duplicate reports, low-impact issues, or reports without enough detail to reproduce the issue may not qualify for a bounty.

Reward Guidelines

• Critical Severity — up to $200: Issues such as remote code execution, remote command execution, privilege escalation to administrator access, serious authentication bypass, financial theft, or SQL injection exposing sensitive data.
• High Severity — up to $100: Issues such as lateral authentication bypass, significant sensitive information disclosure, stored cross-site scripting affecting other users, local file inclusion, or insecure authentication cookie handling.
• Medium Severity — up to $50: Issues affecting multiple users with limited interaction required, such as insecure direct object references or significant business logic flaws.
• Low Severity: Issues with limited impact or requiring significant user interaction, such as open redirects, reflected XSS, or low-sensitivity information leaks.

Contact Us