I observed that to access some functionality we need the Enterprise plan.
But when I click on the endpoint, a popup appears asking me to upgrade the plan,
and it was handled client-side; no request is sent to the server.
So I tried to access that endpoint, but it says "Not Found".
Hmm, I need the exact endpoint.
I checked the JS files to find the endpoint and also discovered other endpoints that aren't included in the free plan.
When I directly append those endpoints in the URL, I can access them without upgrading the plan.
I reported it and got this reply from the security team:
This appears to be a UI/UX issue where users can see Enterprise pages but cannot actually use them, rather than a security vulnerability. The systems properly prevent unauthorized access to data or functionality.
I again recorded a detailed PoC showing that all the functions and features are fully accessible and that it is not just a UI/UX bug.
After that it was accepted and rewarded.
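
The root cause described above is plan gating that lives only in the UI. The following added example (not code from the original post or the affected product; every route, plan name and user in it is hypothetical) puts a UI-gated handler beside one that enforces the plan on the server, with a small audit that lists routes a plan can reach without being entitled to them.

```javascript
// Constructed example: routes, plan names and users are hypothetical.
const PLAN_RANK = new Map([["free", 0], ["pro", 1], ["enterprise", 2]]);

// Each server route declares the minimum plan it requires.
const ROUTES = new Map([
  ["/dashboard", { minPlan: "free", handler: () => "dashboard data" }],
  ["/reports/advanced", { minPlan: "enterprise", handler: () => "advanced report" }],
  ["/audit-log", { minPlan: "enterprise", handler: () => "audit entries" }],
  ["/legacy/export", { handler: () => "export" }], // minPlan was never declared
]);

// Before: the server only routes; the upgrade popup in the UI is the sole gate.
function handleUiGatedOnly(user, path) {
  const route = ROUTES.get(path);
  if (!route) return { status: 404, body: "Not Found" };
  return { status: 200, body: route.handler(user) };
}

// After: the plan is checked on every request, deny by default.
// user.plan must come from the server-side account record, never from the client.
function handleServerEnforced(user, path) {
  const route = ROUTES.get(path);
  if (!route) return { status: 404, body: "Not Found" };
  if (!user) return { status: 401, body: "Unauthenticated" };
  const need = PLAN_RANK.get(route.minPlan);
  const have = PLAN_RANK.get(user.plan);
  // A missing or unknown plan on either side means "not entitled".
  if (need === undefined || have === undefined || have < need) {
    return { status: 403, body: "Plan upgrade required" };
  }
  return { status: 200, body: route.handler(user) };
}

// Regression check: routes that answer 200 to a plan that is not entitled to them.
function auditExposure(handle, plan) {
  const user = { id: "u1", plan };
  return [...ROUTES.keys()].filter((path) => {
    const need = PLAN_RANK.get(ROUTES.get(path).minPlan);
    const entitled = need !== undefined && PLAN_RANK.get(plan) >= need;
    return !entitled && handle(user, path).status === 200;
  });
}

console.log("UI-gated only:", auditExposure(handleUiGatedOnly, "free"));
console.log("Server-enforced:", auditExposure(handleServerEnforced, "free"));
```

Running the audit in CI against every plan tier catches both a missing server-side check and a route added without a declared plan.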