If several groups of people who "barely even have knowledge" can profit from checking for well known vulnerabilities on websites and reporting them I say more power to them.
If there is an entire industry of people doing low effort work which then discovers vulnerabilities on a company's website that company should pay them, and probably fire some people they've already been paying for not putting in even that much effort to secure their own stuff.
Who is less ethical? The people reporting vulnerabilities and wanting to be paid for it or the companies who don't bother to invest in even basic security practices putting people's data at risk and allowing scammers and hackers to leverage those insecure systems to hurt others?
The word "companies" is doing a lot of work in your rant.
The vast majority of websites on the internet do not have a team behind them. That's exactly the reason why they lack maintenance.
So they're not intimidating well-funded companies, they're intimidating that nice guy that in 2003 build a website for the local bridge club. Volunteering his time and money to do so.
If there is an entire industry of people doing low effort work which then discovers vulnerabilities on a company's website that company should pay them, and probably fire some people they've already been paying for not putting in even that much effort to secure their own stuff.
Who is less ethical? The people reporting vulnerabilities and wanting to be paid for it or the companies who don't bother to invest in even basic security practices putting people's data at risk and allowing scammers and hackers to leverage those insecure systems to hurt others?