Security: Emilia-Capital/comment-hacks

.github/SECURITY.md

Security Policy

Reporting a Vulnerability

You can report any security bugs found in the source code of this plugin through the Patchstack Vulnerability Disclosure Program. The Patchstack team will assist you with verification and CVE assignment, and will take care of notifying the developers of this plugin.

Responding to Vulnerability Reports

I take security bugs very seriously. I appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. Patchstack will work with you and me to deal with the security issue as well as possible.

Disclosing a Vulnerability

Once an issue is reported, I will use the following disclosure process:

  • When a report is received, I confirm the issue and determine its severity together with Patchstack.
  • If we know of specific third-party services or software that require mitigation before publication, those projects will be notified.
  • An advisory is prepared (but not published) which details the problem and steps for mitigation.
  • Patch releases are published and the advisory is published.
  • Release notes and our readme.txt will include a Security section with a link to the advisory.

We credit reporters for identifying vulnerabilities, although we will keep your name confidential if you request it.

There aren’t any published security advisories