P5 in Bugcrowd but some programs still accept it.
Go to website and create an account.
In the password form, which should be invisible like *****, try to copy it.
Paste it on the clipboard. If you see the plaintext password, there is the vulnerability.