Please report security vulnerabilities privately. Do not open a public issue, pull request or discussion for them.
Preferred — GitHub private vulnerability reporting: open a private report at https://github.com/tts-empire/spawnwp/security/advisories/new (or Security → Report a vulnerability on the repository). This creates a private advisory visible only to you and the maintainers.
Alternative: use the contact concierge on https://spawnwp.com and choose Security. Your report reaches the maintainers privately by email.
Please include:
- a description of the issue and its impact,
- the SpawnWP version and the operating system,
- clear steps to reproduce, with a proof of concept if possible.
- We aim to acknowledge your report within a few days.
- We will investigate, keep you updated, and coordinate a fix and its disclosure.
- Please give us reasonable time to release a fix before any public disclosure. We are happy to credit reporters who follow this process.
Security fixes are provided for the latest released version. Please update to the current release before reporting, in case the issue has already been fixed.