I had an extremely disappointing experience with Plisio.net regarding their bug bounty program. On Sep 12, I responsibly reported an Open Redirect vulnerability, which is a common and well-documented security issue that can be exploited for phishing attacks or redirection to malicious sites.
After 7 days of no response, I reached out for an update on my report, only to be told that their "specialists did not consider it a vulnerability." I was puzzled by this response because an Open Redirect is a recognized security flaw, so I asked them to clarify.
What made the situation worse is that on Sep 20, they had already fixed the issue but responded dismissively, pretending they didn't know what vulnerability I was referring to. Their condescending attitude and refusal to acknowledge my contribution made me feel like they were making fun of my report.
In short, if you're a security researcher looking to contribute through their bug bounty program, don't expect professionalism or recognition. They seem more interested in covering up vulnerabilities than working with the community to fix them. Avoid Plisio.net if you value transparency and respect!