You can report any security bugs found in the source code of this plugin through the Patchstack Vulnerability Disclosure Program. Please search for the plugin in their database and use the appropriate page to submit the issue. The Patchstack team will assist you with verification, CVE assignment and take care of notifying the developers of this plugin.
Emilia Capital takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. Patchstack will work with you and us to deal with the security issue as best as possible.
Once an issue is reported, Emilia uses the following disclosure process:
- When a report is received, we confirm the issue and determine its severity together with Patchstack.
- If we know of specific third-party services or software that require mitigation before publication, those projects will be notified.
- An advisory is prepared (but not published) which details the problem and steps for mitigation.
- Patch releases are published and the advisory is published.
- Release notes and our CHANGELOG.md will include a
Security
section with a link to the advisory.
We credit reporters for identifying vulnerabilities, although we will keep your name confidential if you request it.