Full details of the Automattic Security Policy can be found on automattic.com.
Generally, only the latest version of the extension has continued support. In some cases, we may opt to backport critical vulnerabilities fixes to previous versions.
WooCommerce Stripe Payment Gateway is an open-source plugin for WooCommerce. Our HackerOne program covers the plugin software.
For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the HackerOne portal.
Please note that the WordPress software is a separate entity from Automattic. Please report vulnerabilities for WordPress through the WordPress Foundation's HackerOne page.
We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:
We also expect you to comply with all applicable laws. You're responsible to pay any taxes associated with your bounties.