Vulnerability Reporting

We take security seriously and participate in a managed vulnerability disclosure program through Patchstack, a leading WordPress security platform. This program ensures that security vulnerabilities in our plugins are handled professionally and responsibly.

Our Plugins in the Program

We currently have two WordPress plugins enrolled in Patchstack's managed vulnerability disclosure program:

Pixel Manager for WooCommerce

Pixel Manager for WooCommerce is our flagship tracking and pixel management plugin that helps WooCommerce store owners implement accurate conversion tracking for Google Ads, Facebook, Google Analytics, and other marketing platforms.

Google Automated Discounts for WooCommerce

Google Automated Discounts for WooCommerce enables WooCommerce stores to automatically apply and track Google Ads promotional offers, helping increase conversion rates and ROI from Google advertising campaigns.

About Patchstack's Managed Vulnerability Program

Patchstack's Vulnerability Disclosure Program (VDP) provides a secure and structured way for security researchers to report vulnerabilities. Here's what makes this program effective:

  • Professional Security Team: Vulnerabilities are triaged and validated by Patchstack's expert security researchers
  • Responsible Disclosure: All reports follow industry best practices for responsible disclosure
  • Coordinated Response: We work together with Patchstack to ensure timely patches and proper communication
  • Recognition: Security researchers receive proper credit for their findings
  • Transparency: The program maintains transparency while protecting users during the disclosure process

How It Works

  1. Discovery: Security researchers find a potential vulnerability in one of our plugins
  2. Reporting: They submit the finding through the embedded forms above or directly through Patchstack
  3. Validation: Patchstack's security team validates and triages the report
  4. Coordination: We work together to develop and test a fix
  5. Disclosure: The vulnerability is disclosed responsibly after a patch is available
  6. Recognition: The researcher receives proper credit for their contribution

Why We Participate

Security is a shared responsibility in the WordPress ecosystem. By participating in Patchstack's managed vulnerability program, we ensure that:

  • Users are protected through coordinated and timely security updates
  • Researchers are incentivized to report vulnerabilities responsibly rather than exploiting them
  • The WordPress community benefits from improved security practices across all plugins
  • Transparency is maintained while protecting users during the vulnerability resolution process

If you discover a security vulnerability in any of our plugins, please use the reporting forms above or visit the respective Patchstack program pages. Thank you for helping us keep the WordPress community secure!