POSIMYTH Security Program

POSIMYTH Innovations brings some of the most powerful plugins with a range of controls to make it easier to build complex sites on WordPress.

That’s why we take security as our topmost priority so that our users can use our plugins with confidence. Therefore, we would love to request that you share any security issues with us directly. Your efforts to make the web secure will be rewarded at best.

Please refer to the guidelines and rewards :

Severity	CVSS Rating	Award
Critical	9.0 – 10.0	500$+
High	7.0 – 8.9	300$+
Medium	4.0 – 6.9	100$+
Low	0.1 – 3.9	50$+

We reserve the right to reward amounts for those concerned about the severity of the issue and quality of your report after the final decision of the qualifying vulnerability

Our Products :

Product Name	Website	Free Version	Use Case
The Plus Addons for Elementor	Visit Website	Download Free	Our Popular Product for Elementor with more than 120+ Widgets & Extension to customize website
Nexter WP	Visit Website	Download Blocks Download Theme Download Extension	One-Stop Solution with 90+ WordPress Gutenberg Blocks, Extensions and Theme. Simplifying Website Design Like Never Before! Fast, Simple, Fully Customizable & Versatile.
WDesignKit	Visit Website	-NIL-	200+ Prebuild Website Templates , Sections for Elementor and Gutenberg

If you need PRO Version of our plugin(s)/theme, then please contact us at [email protected] to share the details about your usage

Basic Guidelines to be followed :

Show proper steps to reproduce and verify the working proof of the issue reported.

Please collect only the required details to explain the vulnerability.

Please only target your own accounts/system. Refrain from gaining access to any other account data.

We use Advanced Cloud Firewalls to prevent Brute Force, DDoS Attacks, avoid using mass scanning tools to attempt to report vulnerabilities or access our product websites

Multiple vulnerabilities caused by one underlying issue will only be eligible for one reward.

We only award the first report that was received for any specific vulnerability

Research Safety :

We will completely respect your skills and techniques which you want us to keep secret, we assure your methods will be kept secure and confidential. We would just need that to recreate the issue from our end with a minimum number of details as possible.

Safe Harbor :

We assure you that we will not take any legal action who participate in our Security Program and who act in good faith by following the correct guidelines mentioned.

Coordinated Disclosure :

If you have any plans to publicly disclose any of the vulnerabilities found in any plugins)(s)/theme mentioned, then please add this will into your report. We encourage you to not do that until :

We fix the vulnerabilities

The vulnerability time frame has reached, depending on its severity.

We’re mutually agreed upon

Things which do not cover :

Finding types that are specifically excluded from our program :

Mixed content warnings for passive assets like images and videos

Anything SSL (related attacks, insecure cipher suites, etc.)

Weak Captcha / Captcha Bypass

Lack of HTTP security headers (CSP, X-XSS, etc.) Lack of rate-limiting in HTTP endpoints.

Username / Email Enumeration

Brute Force attacks on our Login or Forgot Password pages

Account lockout enforcement and related attacks

HTTP security headers and Cookies related Issues

Weak password policies

Clickjacking

Vulnerabilities impacting only old or end-of-life platforms, browsers, and plugins

Anything related to Mail Server Domain Misconfiguration (Email spoofing, missing DMARC, SPF/DKIM, etc.)

How to Submit details to our Team?

If our team cannot reproduce and verify an issue, a bounty cannot be awarded. To help streamline our intake process, we ask that submissions include:

Detailed information of the bug, explain it impact

How we can reproduce the bug/ vulnerability

Share some media like images and videos for the issue

Are our user already impacted with the bug

List of URLs and affected parameters Device details/browser used during testing

Other necessary details that can help us identify the issue in-depth

And finally submit your detailed reports and findings at : [email protected]

Thank you so much for helping us in our vision to make web safer and secure for everyone.