To publish your VDP, please add a disclaimer to your project readme, FAQ (or alternative) so security researchers have a point of contact (VDP URL) to report findings.

Example FAQ Copy to clipboard

How can I report security bugs?

You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. [Report a security vulnerability.](

Remember to push the update to your plugin for the disclaimer to be visible. Once done, e-mail us at for the VDP to be made public. Until then, you may access and review using the PIN included in the e-mail link.

Mobile Menu

Let us know if we have missed a vulnerability reported elsewhere

Mobile Menu Close

Thank you for contributing!

Close Mobile Menu