If you discover a security vulnerability in the WP Ingresso plugin, please follow these steps:
- Contact us via [email protected].
- Provide detailed information about the vulnerability, including:
- Steps to reproduce the issue.
- The version of the plugin you're using.
- Any relevant logs or screenshots.
- Please do not disclose the vulnerability publicly until we have addressed it and released a patch.
We aim to:
- Acknowledge your report within 48 hours.
- Provide an initial assessment within 5 business days.
- Release a fix or mitigation within 90 days, depending on the severity and complexity of the issue.
The following versions of WP Ingresso are actively maintained and receive security updates:
| Version | Supported |
|---|---|
| 1.x.x | ✅ Yes |
To ensure the safe use of the WP Ingresso plugin:
- Always keep the plugin updated to the latest version.
- Use the plugin in a secure WordPress environment, with:
- The latest version of WordPress.
- Properly configured server permissions.
- Regularly audit your site and third-party plugins for vulnerabilities.
This plugin relies on external libraries and APIs (e.g., the Ingresso.com API). Please ensure that:
- Your API keys and/or credentials are stored securely.
- You monitor any changes in the terms or functionality of these external services.
We welcome feedback on how we can improve the security of WP Ingresso. Please feel free to reach out with suggestions or concerns.