We actively maintain and patch security vulnerabilities in the following versions:
| Version | Supported |
|---|---|
| 1.0.x | ✅ Yes (Latest) |
| <1.0 | ❌ No (Outdated) |
If you are using an outdated version, we strongly recommend updating to the latest release for continued security and support.
If you discover a security vulnerability within the WCG website or its associated assets (HTML/CSS/JS/API), we appreciate your help in disclosing it responsibly.
📩 Email: security@wcg.org
🔒 PGP Key: [Coming Soon]
We aim to respond within 72 hours and provide a patch/fix within 7 days, depending on severity.
The following are considered in scope:
- Code injection (XSS, SQLi, etc.)
- Data exposure or leaks
- Authentication bypass
- Broken access control
- Security misconfigurations
The following are out of scope:
- Spam or social engineering
- Outdated libraries with no known exploit
- Denial-of-Service (DoS) with no data impact
- Self-XSS (user must harm themselves intentionally)
Once a valid vulnerability is reported:
- We will verify the issue.
- Assign severity and impact level.
- Patch the vulnerability privately.
- Release an update with release notes.
- Acknowledge the reporter (if allowed).
Responsible reporters will receive:
- Public acknowledgement (if approved)
- Swag / gifts in future community programs 💝
- Priority invitations to beta testing & WCG rewards
Security is a shared responsibility.
We appreciate your time and effort in helping keep WCG and its users safe and protected.
– Team Wisdom Circle Group (WCG)