Report a Vulnerability

If you believe you have found a security issue that meets Whatfix’ definition of a vulnerability, please submit the report to our security team via one of the methods below:

If you are a customer: Submit a ticket to our support team

If you are a security researcher: Submit a report through our Vulnerability Disclosure Program

Definition Of A Vulnerability

Whatfix considers a security vulnerability to be a weakness in our Whatfix Digital adoption Platform or the supporting infrastructure of the Platform that could allow an attacker to impact the confidentiality, integrity, or availability of the product or infrastructure.

Note: The corporate Website of Whatfix is not in scope.

Vulnerability Disclosure Program

Whatfix has a Vulnerability Disclosure Program for its Digital Adoption Platform. Security researchers can receive cash payments or vouchers in exchange for a qualifying vulnerability report submitted to Whatfix via our VDP program.

Click here to participate in our Vulnerability Disclosure Program.

Responsible Disclosure:

In order to protect our customers, Whatfix requests that you not post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability, and informed customers if needed. Also, we respectfully ask that you do not post or share any data belonging to our customers. Addressing a valid reported vulnerability will take time, and the timeline will depend upon the severity of the vulnerability and the affected systems.