We actively maintain and provide security updates for the following versions:
| Version | Supported |
|---|---|
| Latest | ✅ Yes |
| < Latest | ❌ No |
If you discover a security vulnerability in the WordPress Database Import & Domain Replacement Tool, please report it responsibly:
- Email: [Create an issue with the security label]
- Response Time: We aim to respond within 48 hours
- Resolution Time: Security issues are prioritized and typically resolved within 7 days
When reporting a security vulnerability, please include:
- Description - Clear description of the vulnerability
- Impact - Potential impact and severity
- Steps to Reproduce - Detailed reproduction steps
- Environment - OS, Bash version, and other relevant details
- Proof of Concept - If applicable (without causing harm)

Vulnerability categories of interest include:
- Command Injection - Improper input sanitization
- Path Traversal - Directory traversal vulnerabilities
- Code Execution - Arbitrary code execution risks
- SQL Injection - Database security issues
- Information Disclosure - Exposure of sensitive data
- Privilege Escalation - Unauthorized access elevation
This tool follows security best practices:
- ✅ Input Validation - All user inputs are sanitized
- ✅ Path Safety - Uses absolute paths to prevent traversal
- ✅ SQL Safety - Uses WP-CLI for database operations
- ✅ Temporary Files - Process-specific temporary file naming
- ✅ Error Handling - Comprehensive error management
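
An illustration of how the practices listed above can look in a Bash script, added here as an example and not taken from the tool's source. The function names, the rule that SQL dumps must sit under one allowed directory, and the use of `mktemp` in place of PID-based temporary names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added illustration; function names and the base-directory rule are hypothetical.

# Accept only a bare hostname: no scheme, path, whitespace or shell metacharacters.
validate_domain() {
  [ "${#1}" -le 253 ] || return 1
  case $1 in *[!A-Za-z0-9.-]*) return 1 ;; esac   # also rejects embedded newlines
  # Each label starts and ends alphanumeric, so a leading "-" is never read as an option.
  printf '%s\n' "$1" |
    grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Print the absolute path of regular file $2 only if it lies under directory $1.
# Directory symlinks are resolved first; a file that is itself a symlink is refused.
resolve_in_dir() {
  local base dir abs
  base=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || return 1
  dir=$(CDPATH= cd -- "$(dirname -- "$2")" 2>/dev/null && pwd -P) || return 1
  abs=$dir/$(basename -- "$2")
  [ -f "$abs" ] && [ ! -L "$abs" ] || return 1
  case $abs in "$base"/*) printf '%s\n' "$abs" ;; *) return 1 ;; esac
}

# Private scratch file with an unpredictable name (mktemp creates it with mode 0600).
make_workfile() {
  mktemp "${TMPDIR:-/tmp}/wpimport.XXXXXXXXXX"
}

# Validate everything first, then pass the values to WP-CLI as separate quoted arguments.
# $1 = allowed dump directory, $2 = SQL file, $3 = old domain, $4 = new domain
import_and_replace() {
  local sql
  validate_domain "$3" && validate_domain "$4" || return 2
  sql=$(resolve_in_dir "$1" "$2") || return 3
  wp db import "$sql" && wp search-replace "$3" "$4"
}
```

Return codes 2 and 3 distinguish a rejected domain from a rejected file path, so a caller can report which input failed without echoing the raw value back.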

After a report is received, it is handled in these stages:
- Assessment - We evaluate the reported vulnerability
- Fix Development - Security fix is developed and tested
- Release - Fix is released as a security update
- Notification - Security advisory is published
- Credit - Reporter is credited (if desired)
We appreciate responsible disclosure and will:
- Acknowledge your report within 48 hours
- Provide regular updates on our progress
- Credit you in our security advisory (if desired)
- Work with you to ensure the vulnerability is properly addressed
Thank you for helping keep the WordPress Database Import Tool secure! 🛡️