Bug bounty challenge by MyThemeShop
The folks over at MyThemeShop.com (MTS) emailed a while back and announced their own bug bounty which aims to identify flaws in their website:
In an effort to improve our user experience on our website and help our users better be able to find, preview and purchase new themes, we are announcing a new bug bounty program for MyThemeShop.com
Here’s how it works: For every technical bug that you find on our website, if you report to https://mythemeshop.com/contact-us/#bug with a description of the bug, you will win $50 for each bug. It’s first come, first serve, so be the first to report the issues you find. We are especially interested in any bugs, errors or issues related to our checkout process.
Thank you for your help and loyalty to MyThemeShop!
P.S. This bounty program is about MyThemeShop.com only and not about our products or services.
One of the first security concerns related to MTS is their account signup system, which does not let you choose a password but rather generates one for you. And if emailing the password in plain text wasn’t risky enough, the generated password is very weak: in my case it was made up of only lowercase letters.
I’m pretty sure there are several other security concerns and flaws, so if you’re reading this and need some beer money, then go for it!