A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# PloyWP Security Policy

Contact: security@ploywp.com
Expires: 2026-06-23T00:00:00.000Z
Encryption: https://ploywp.com/pgp-key.txt
Acknowledgments: https://ploywp.com/security/acknowledgments
Preferred-Languages: en
Canonical: https://ploywp.com/.well-known/security.txt

# Reporting Security Vulnerabilities

We take security seriously at PloyWP. If you discover a security vulnerability, 
please report it to us responsibly.

## Scope

This policy applies to vulnerabilities in:
- The PloyWP website (https://ploywp.com)
- PloyWP application and services
- PloyWP API endpoints

## How to Report

1. Email: security@ploywp.com
2. Include detailed information about the vulnerability
3. Steps to reproduce the issue
4. Potential impact assessment

## What to Expect

- Acknowledgment within 48 hours
- Regular updates on the fix progress
- Credit in our security acknowledgments (if desired)

## Safe Harbor

We will not pursue legal action against security researchers who:
- Act in good faith
- Avoid privacy violations
- Do not exploit vulnerabilities beyond verification
- Report issues promptly

Thank you for helping keep PloyWP secure!