Report Security Issues

Wizards & Wonders

At Wizards & Wonders, we take the security of our website and customer data seriously.
If you believe you have discovered a security vulnerability on wizardswonders.co.uk, we encourage you to report it responsibly.

We review all legitimate reports and will make reasonable efforts to resolve verified issues promptly.

🛡 Responsible Disclosure Guidelines

If you follow the principles below when reporting a security issue, we will not initiate legal action against you for your report.

We ask that you:

  1. Give us reasonable time to investigate and resolve the issue before publicly disclosing it.

  2. Do not access, modify, or delete data belonging to other users without permission.

  3. Make a good-faith effort to avoid privacy violations or service disruption.

  4. Do not exploit the vulnerability for personal gain.

  5. Comply with all applicable laws and regulations.

📩 How to Report a Security Issue

Please send your report to:

📧 info@wizardswonders.co.uk

Include:

  • A detailed description of the issue

  • Steps to reproduce the vulnerability

  • The affected URL(s)

  • Screenshots or supporting evidence

Please do not contact individual employees directly regarding security issues.

🧪 Investigation Process

We review all valid reports.
Due to the volume of submissions, response times may vary.

If you unintentionally accessed sensitive information during your research, please disclose this in your report.

We reserve the right to publish anonymised summaries of confirmed vulnerabilities.

💰 Vulnerability Reward Program (Optional)

Wizards & Wonders may, at its discretion, reward security researchers for responsible vulnerability disclosures.

Rewards are based on:

  • Severity

  • Impact

  • Ease of exploitation

  • Quality of report

All reward decisions are made at our sole discretion.

🎯 Severity Levels & Example Rewards

🔴 Critical Severity (Up to £200)

Examples:

  • Remote Code Execution

  • Authentication bypass

  • SQL injection exposing sensitive data

  • Privilege escalation

🟠 High Severity (Up to £100)

Examples:

  • Cross-account access

  • Sensitive data exposure

  • Stored XSS affecting other users

🟡 Medium Severity (Up to £50)

Examples:

  • Business logic flaws

  • Insecure direct object references

🔵 Low Severity

Examples:

  • Open redirect

  • Reflected XSS

  • Minor information disclosure

⚠️ Important Notes

  • Duplicate reports may not be eligible for rewards.

  • Multiple issues caused by a single root vulnerability may be treated as one submission.

  • Reward amounts listed are maximum limits.

📍 Contact Information

Wizards & Wonders
United Kingdom

📧 info@wizardswonders.co.uk