If you discover a security issue with a theme listed in the ClassicPress Theme Directory, we encourage responsible and reasonable disclosure of the security issue. Therefore, please do not publicly release details of the issue anywhere, as this can lead to an increase in people being hacked and rarely speeds up resolution of the issue.
The first step in reporting a security issue with a theme is to contact the developer via their standard support channels or by sending a direct message to them on the forum. In your report, please include the following:
- a clear and concise description of the security issue;
- a link to the specific theme in the ClassicPress Theme Directory; and
- details of who validated the security issue.
It is also recommended to include links to any public disclosures on third party sites.
If you do not receive an acknowledgement from the developer in 72 hours, the second step in reporting a security issue is to email the details listed above to [email protected].
The Theme Directory moderators will attempt to make contact with the theme developer to get the issue resolved. The theme may be closed to prevent new downloads until the issue is resolved. You might not receive any notifications of progress until a fix has been released.