Responsible Disclosure: Help Us Protect Aegisify Customers

Security researchers play an important role in keeping software safer. If you believe you have found a vulnerability in Aegisify, Aegisify Audit, the Aegisify Agent, or an Aegisify WordPress plugin, please report it responsibly so the issue can be reviewed and addressed without putting customers at risk.

This page explains how to report suspected security issues safely, what testing is allowed, and what activity is not acceptable.

What to Report

  • Authentication or authorization bypass.
  • Cross-site scripting, SQL injection, insecure direct object reference, or request forgery risks.
  • Sensitive data exposure.
  • Vulnerabilities in Agent connection, telemetry access, scan data handling, or SaaS workflows.
  • Security issues that could affect customer WordPress Security Audit data, logs, plugin security results, SAST findings, DAST-style evidence, or AI-assisted report data.

Do Not Perform Destructive Testing

Responsible disclosure does not permit testing that harms Aegisify, customers, customer data, service availability, or third-party systems.

  • Do not access, copy, modify, or delete customer data.
  • Do not run denial-of-service, load, spam, or destructive tests.
  • Do not use social engineering, phishing, or physical attacks.
  • Do not publicly disclose a vulnerability before Aegisify has reviewed it.
  • Do not test against customer WordPress sites unless you own them or have written permission.

How to Submit a Report

Send a clear report to support@aegisify.com and include “Security Report” in the subject line.

Include the following:

  • Affected product or URL.
  • Clear description of the issue.
  • Steps to reproduce using safe, non-destructive testing.
  • Impact explanation.
  • Screenshots or logs, redacted where needed.
  • Your contact information for follow-up.

Safe Harbor Intent

Aegisify appreciates good-faith security research that follows this policy. If you act in good faith, avoid privacy violations, avoid service disruption, and report the issue responsibly, Aegisify intends to work with you to understand and remediate the report.

Bounties and Rewards

Aegisify does not guarantee a bounty, payment, reward, or public recognition unless a written bounty program is active and the report qualifies under that program. Security reports are still appreciated even when no bounty is available.

Why This Matters

Aegisify handles WordPress Security Audit signals, Agent data, plugin security details, logs, SAST and DAST-style findings, and AI-assisted analysis. Responsible reporting helps protect the platform, the customers who rely on it, and the trust required for security software.

Need to Review Your Own WordPress Security?

Use Aegisify Audit to review your WordPress site, plugin security posture, logs, exposure signals, and remediation priorities.
