If you discover a security vulnerability in Champlin Pre-Flight Audit, please report it privately so we can fix it before public disclosure.

Email: hello@kevinchamplin.com (please put [champlin-pre-flight-audit security] in the subject line)

We will acknowledge receipt within 2 business days and aim to release a patch within 14 days for confirmed issues. Critical vulnerabilities (data exposure, privilege escalation, RCE) will be prioritized for same-day patches.

Please do not open a public GitHub issue for security vulnerabilities until a fix has been published.

• The plugin's PHP code in champlin-pre-flight-audit.php, includes/, and assets/
• The AJAX endpoints registered by the plugin
• The snapshot system at wp-content/wp7rc-snapshots/
• The mu-plugins the plugin creates (e.g. champlin-disallow-file-edit.php)

• Issues in WordPress core itself — report to WordPress core security
• Issues in third-party plugins the audit detects (Yoast, ACF, etc.) — report to those vendors
• Issues caused by modifying the plugin's own code in your installation