pluxee-global-bug-bounty-program
14
In Scope
7
Out of Scope
In-Scope Assets (14)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| https://api.pluxee.app/gl/cwc/consumer-front-api/ | URL | Yes | ||
| https://api.pluxee.app/gl/eva/bff | URL | Yes | ||
| https://apps.apple.com/fr/app/pluxee/id1437173271 | IOS | Yes | - | |
| https://apps.apple.com/ro/app/pluxee/id6504407951?l=ro | IOS | Yes | - | |
| https://connect.pluxee.app | URL | Yes | ||
| https://consommateurs.pluxee.tn | URL | Yes | ||
| https://consumatori.pluxee.ro | URL | Yes | ||
| https://consumers.pluxee.[at|bg|de|lu] | URL | Yes | - | |
| https://play.google.com/store/apps/details?id=com.pluxeegroup.consumers.global | ANDROID | Yes | ||
| https://play.google.com/store/apps/details?id=com.sodexo.cwc.ro&hl=en | ANDROID | Yes | ||
| https://www.inspirus.com | WILDCARD | Yes | ||
| https://www.pluxee.[fr|ro|be|cz|de|ph|tn|ma|at|bg|cl|lu|co.id|com.tr|uk|pt|es|mx|co|pe|uy|it|pa|in|com.br] | WILDCARD | Yes | - | |
| https://www.pluxeeforfintech.mx | WILDCARD | Yes | ||
| https://www.pluxeegroup.com | WILDCARD | Yes |
Out-of-Scope Assets (7)
| Asset | Category | Bounty | |
|---|---|---|---|
| Any asset not listed in the scope section | OTHER | Yes | |
| Non-production assets hosted on our wildcards scopes are considered as out of the scope of this program (e.g. domains with "uat", "tst", "pprd", "dev", "demo", ...). | OTHER | Yes | |
| clientes.pluxee.com.br | OTHER | Yes | |
| flex.clientes.pluxee.es | OTHER | Yes | |
| portal-atos.clients.uat.pluxee.be | OTHER | Yes | |
| portal.clients.pluxee.be | OTHER | Yes | |
| terceros.clientes.pluxee.co | OTHER | Yes |
Scope Changes (21)
Apr 16, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://www.pluxeegroup.com | WILDCARD | In Scope | 18:33 |
| Added | https://www.pluxee.[fr|ro|be|cz|de|ph|tn|ma|at|bg|cl|lu|co.id|com.tr|uk|pt|es|mx|co|pe|uy|it|pa|in|com.br] | WILDCARD | In Scope | 18:33 |
| Added | https://www.pluxeeforfintech.mx | WILDCARD | In Scope | 18:33 |
| Added | https://www.inspirus.com | WILDCARD | In Scope | 18:33 |
| Added | https://consumers.pluxee.[at|bg|de|lu] | URL | In Scope | 18:33 |
| Added | https://consumatori.pluxee.ro | URL | In Scope | 18:33 |
| Added | https://consommateurs.pluxee.tn | URL | In Scope | 18:33 |
| Added | https://play.google.com/store/apps/details?id=com.sodexo.cwc.ro&hl=en | ANDROID | In Scope | 18:33 |
| Added | https://apps.apple.com/fr/app/pluxee/id1437173271 | IOS | In Scope | 18:33 |
| Added | https://api.pluxee.app/gl/cwc/consumer-front-api | URL | In Scope | 18:33 |
| Added | https://connect.pluxee.app | URL | In Scope | 18:33 |
| Added | https://api.pluxee.app/gl/eva/bff | URL | In Scope | 18:33 |
| Added | https://apps.apple.com/ro/app/pluxee/id6504407951?l=ro | IOS | In Scope | 18:33 |
| Added | https://play.google.com/store/apps/details?id=com.pluxeegroup.consumers.global | ANDROID | In Scope | 18:33 |
| Added | any asset not listed in the scope section | OTHER | Out of Scope | 18:33 |
| Added | non-production assets hosted on our wildcards scopes are considered as out of the scope of this program (e.g. domains with "uat", "tst", "pprd", "dev", "demo", ...) | OTHER | Out of Scope | 18:33 |
| Added | clientes.pluxee.com.br | OTHER | Out of Scope | 18:33 |
| Added | portal.clients.pluxee.be | OTHER | Out of Scope | 18:33 |
| Added | flex.clientes.pluxee.es | OTHER | Out of Scope | 18:33 |
| Added | terceros.clientes.pluxee.co | OTHER | Out of Scope | 18:33 |
| Added | portal-atos.clients.uat.pluxee.be | OTHER | Out of Scope | 18:33 |