At Digitoimisto Dude, we offer hosting and upkeep for our clients. Most of them do not have comprehensive knowledge of security or privacy issues. That’s why we ask you to report security issues directly to us.
After receiving a disclosure, we will let all affected customers know about it, with all the important details included. If the disclosed issue is severe or the reporter asks us to, we’ll make sure that the client acknowledges receipt of the information directly to the reporter.
In order to protect our customers, we request that you do not post or share any information about disclosed issues publicly until we have researched, responded to, and addressed the reported issue and informed customers.
The following default WordPress functionalities are not eligible for security reports, as we’ve taken other precautions to mitigate the possible problems:
- Open REST API /users/ endpoint
- Open author archives (user enumeration)
- Sites under subdomains that are not under our control or servers
- Public archived GitHub repositories
- Reveal.js-based or any other repository for presentations