Report Security Issues

Security Vulnerability Disclosure & Bug Bounty Program
Last Updated: February 18, 2026

At Kids World, the security of our website and customer data is extremely important. If you have discovered a security vulnerability on kidsworld.baby, we encourage you to report it responsibly. We review all legitimate vulnerability reports and aim to resolve issues as quickly as possible.

Before submitting a report, please review the guidelines below.

Fundamentals

If you follow the principles below when reporting a security issue to Kids World, we will not initiate legal action against you for your report.

We ask that you:

  • Allow us reasonable time to investigate and resolve the issue before making any public disclosure

  • Do not access, modify, or interact with private user accounts or data without authorization

  • Make a good faith effort to avoid privacy violations, data loss, or disruption of our services

  • Do not exploit any vulnerability you discover

  • Do not violate any applicable laws or regulations

Bug Bounty Program

We appreciate security researchers who help protect our platform and users by responsibly reporting vulnerabilities.

Monetary rewards may be awarded at our discretion based on severity, impact, and report quality.

To be eligible:

  • You must follow the Fundamentals listed above

  • You must report a valid security vulnerability that poses a real risk

  • You must submit your report through our official contact email

  • If sensitive data is accessed unintentionally, you must disclose it immediately

We investigate all valid reports. Response times may vary depending on severity and report volume.

We reserve the right to publish anonymized vulnerability reports to improve transparency and security.

Reward Structure

Rewards are based on vulnerability severity and impact. All rewards are discretionary.

Critical Severity – up to £200
Examples include:

  • Remote Code Execution

  • Full system compromise

  • Privilege escalation (User to Admin)

  • SQL injection exposing sensitive data

  • Full account takeover

High Severity – up to £100
Examples include:

  • Authentication bypass

  • Exposure of sensitive data

  • Stored XSS affecting multiple users

  • Insecure authentication handling

Medium Severity – up to £50
Examples include:

  • Business logic vulnerabilities

  • Insecure Direct Object References (IDOR)

Low Severity – No guaranteed reward
Examples include:

  • Open redirects

  • Reflected XSS

  • Minor information disclosure

Report Quality Guidelines

To ensure eligibility:

  • Provide clear, detailed, and reproducible steps

  • Include proof-of-concept if possible

  • Duplicate reports will only be rewarded once

  • Multiple vulnerabilities from the same root cause may be treated as one

Reward decisions are based on severity, exploitability, and quality of the report.

Contact

To report a security vulnerability, please contact us:

Kids World
📍 Address: 24 High St N, London E6 2HJ, United Kingdom
📞 Phone: +44 2085480443
📧 Email: contact@kidsworld.baby
🌐 Website: kidsworld.baby

We appreciate your efforts in helping us maintain a safe and secure experience for our customers.