Security
Responsible Disclosure
We take the security of NeuralPress seriously. If you discover a security vulnerability, we appreciate your help in disclosing it to us responsibly.
How to Report
Please report security vulnerabilities by emailing security@neuralpress.example.com. Include:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggested fixes (optional but appreciated)
What to Expect
- We will acknowledge your report within 48 hours
- We will provide an initial assessment within 5 business days
- We will keep you informed of our progress
- We will credit you (if desired) when the issue is resolved
Scope
The following are in scope for responsible disclosure:
- The NeuralPress website and its subdomains
- API endpoints
- Authentication and authorization systems
- Data exposure or leakage
- Cross-site scripting (XSS), CSRF, and injection vulnerabilities
Out of Scope
- Social engineering attacks
- Denial of service attacks
- Issues in third-party services we use
- Issues requiring physical access
Safe Harbor
We will not pursue legal action against security researchers who:
- Act in good faith to avoid privacy violations, data destruction, and service disruption
- Only interact with accounts they own or with explicit permission
- Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue
- Report findings promptly and do not disclose publicly before we have addressed the issue
Security.txt
Our machine-readable security policy is available at /.well-known/security.txt (RFC 9116).