POSIMYTH Security Program

POSIMYTH Innovations offers some of the most powerful plugins, with a wide range of controls that make it easier to build complex sites on WordPress.

That’s why we treat security as our top priority, so that our users can use our plugins with confidence. We therefore ask that you share any security issue with us directly. Your efforts to make the web secure will be rewarded.

Please refer to the guidelines and rewards below:

| Severity | CVSS Rating | Award |
|----------|-------------|-------|
| Critical | 9.0 – 10.0 | 1000$+ |
| High | 7.0 – 8.9 | 500$+ |
| Medium | 4.0 – 6.9 | 300$+ |
| Low | 0.1 – 3.9 | 50$+ |

We reserve the right to determine reward amounts based on the severity of the issue and the quality of your report, after the final decision on whether the vulnerability qualifies.

Our Products :

| Product Name | Website | Free Version | Use Case |
|--------------|---------|--------------|----------|
| The Plus Addons for Elementor | Visit Website | Download Free | Our popular product for Elementor, with more than 120+ widgets and extensions to customize a website |
| The Plus Addons for Gutenberg | Visit Website | Download Free | Collection of 80+ unique Gutenberg blocks for the default WordPress Block Editor |
| Nexter WP Theme | Visit Website | Download Theme, Download Extension | WordPress theme with complete Theme Builder solutions to customize every part of a website without touching a single line of code |
| WDesignKit | Visit Website | -NIL- | 200+ prebuilt website templates and sections for Elementor and Gutenberg |

If you need the PRO version of our plugin(s)/theme, please contact us at [email protected] and share details about your usage.

Basic Guidelines to be followed :

Provide clear steps to reproduce the reported issue, along with a working proof that verifies it.

Please collect only the required details to explain the vulnerability.

Please only target your own accounts/systems. Refrain from gaining access to any other account data.

We use advanced cloud firewalls to prevent brute-force and DDoS attacks. Avoid using mass scanning tools in an attempt to report a vulnerability or to access our product websites.

Multiple vulnerabilities caused by one underlying issue will only be eligible for one reward.

We only award the first report received for any specific vulnerability.

Research Safety :

We will completely respect the skills and techniques that you want us to keep secret, and we assure you that your methods will be kept secure and confidential. We only need to be able to recreate the issue on our end, with as few details as possible.

Safe Harbor :

We assure you that we will not take any legal action against anyone who participates in our Security Program and acts in good faith by following the guidelines mentioned.

Coordinated Disclosure :

If you have any plans to publicly disclose any of the vulnerabilities found in any of the plugin(s)/theme mentioned, please also include this in your report. We encourage you not to do so until :

We fix the vulnerabilities

The vulnerability time frame, which depends on its severity, has been reached.

We have mutually agreed on it

Things that are not covered :

Finding types that are specifically excluded from our program :

Mixed content warnings for passive assets like images and videos

Anything SSL (related attacks, insecure cipher suites, etc.)

Weak Captcha / Captcha Bypass

Lack of HTTP security headers (CSP, X-XSS, etc.)

Lack of rate-limiting in HTTP endpoints

Username / Email Enumeration

Brute Force attacks on our Login or Forgot Password pages

Account lockout enforcement and related attacks

HTTP security headers and Cookies related Issues

Weak password policies

Clickjacking

Vulnerabilities impacting only old or end-of-life platforms, browsers, and plugins

Anything related to Mail Server Domain Misconfiguration (Email spoofing, missing DMARC, SPF/DKIM, etc.)

How to Submit details to our Team?

If our team cannot reproduce and verify an issue, a bounty cannot be awarded. To help streamline our intake process, we ask that submissions include:

Detailed information about the bug, explaining its impact

How we can reproduce the bug/vulnerability

Share some media like images and videos for the issue

Whether our users are already impacted by the bug

List of URLs and affected parameters

Device details/browser used during testing

Other necessary details which can help us identify the issue in-depth

Finally, submit your detailed reports and findings to : [email protected]

Thank you so much for helping us in our vision to make the web safer and more secure for everyone.