Scam Alert: wayfair.com — The program don’t accept any kind of csrf vulnerability and Their response time is very very bad.
Company / Program: wayfair.com
Platform: HackerOne · Severity: medium · Scam type: ignored
Published:
Reported by: Anonymous
Normally most of the program mention in the out of scope that csrf on unauthenticated endpoint or with no impact is out of scope, But csrf with impact is in scope. In wayfair they don’t accept any csrf vulnerability even if the impact is high and they don’t have proper explanation for that. The response of this program is too much unbearable. I recommended to don’t hunt on wayfair.