Yesterday I received an email from Chris Mazzula, clamming to be a ethical hacker, and they found a “bug” in my wordpress website, xmlrpc.php exploit from 2018. Now for reporting this “Bug” to me i got this response,
I think it would be justifiable if your website grant me a reward as a token of appreciation.
Standard reward for this bug as per hackerone bug bounty policy:
When I stated , Well maybe if I had asked you to do this for me I would be happy to pay you, however I am not in the practice of paying random visitors to my website.
Has anyone else had this issue?