Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# Security Policy

This security policy applies to public projects under the [Kit organization](https://github.com/kit) on GitHub.

## Reporting a Vulnerability

If you discover a security vulnerability, please report via any of the below:

- [BugCrowd](https://docs.bugcrowd.com/researchers/reporting-managing-submissions/reporting-a-bug/#creating-a-vulnerability-report)
- [PatchStack](https://patchstack.com/database/vdp/1010ebe1-02b2-4144-8297-b8cddba0ce7d)
- [GitHub](https://github.com/Kit/convertkit-wordpress/security/advisories)
- [Email](mailto:security@kit.com)

Please do **not** report security issues publicly via GitHub issues or discussions. Security reports sent via the above channels be acknowledged within 48 hours.

## Security Disclosure Process

When reporting a security vulnerability, please include:

1. **Description** - A clear description of the vulnerability
2. **Impact** - What kind of vulnerability it is and who it impacts
3. **Reproduction** - Detailed steps to reproduce the issue
4. **Proof of Concept** - If applicable, include proof-of-concept code
5. **Suggested Fix** - If you have ideas for how to fix the issue

## Security Response Timeline

- **Initial Response**: Within 48 hours of receiving the report
- **Investigation**: We will investigate and validate the reported vulnerability
- **Fix Development**: Development of a patch or mitigation strategy
- **Release**: Coordinated disclosure and release of security update
- **Public Disclosure**: After users have had time to upgrade
3 changes: 3 additions & 0 deletions readme.txt
Original file line number Diff line number Diff line change
Expand Up @@ -328,6 +328,9 @@ Comprehensive documentation is available at: [Kit WordPress Plugin Setup Guide](

The documentation covers newsletter form setup, landing page configuration, membership site creation, email marketing automation, subscriber segmentation, and all plugin features for growing your email newsletter.

= Where do I report security bugs found in this plugin? =
Please report security bugs found in the source code of the Kit (formerly ConvertKit) plugin through the [Patchstack Vulnerability Disclosure Program](https://patchstack.com/database/vdp/1010ebe1-02b2-4144-8297-b8cddba0ce7d). The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin.

== Screenshots ==

1. Create stunning email newsletter subscription forms and landing pages in Kit's visual editor optimized for email subscriber conversion
Expand Down
Loading