We release patches for security vulnerabilities in the following versions:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
The Cornerstone theme team (that's one person, me) takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by email to:
You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
Please include the following information in your report:
- Type of vulnerability (e.g., XSS, SQL injection, authentication bypass)
- Full paths of source file(s) related to the vulnerability
- The location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
After you submit a report, we will:
- Confirm receipt of your vulnerability report
- Investigate and validate the issue
- Determine the severity and impact
- Work on a fix and release timeline
- Keep you informed of our progress
- Credit you in the release notes (unless you prefer to remain anonymous)
- Security issues are typically fixed in the next patch release
- We will notify users via GitHub release notes
- Critical vulnerabilities will be announced immediately
- We follow responsible disclosure practices
When using the Cornerstone theme:
- Always keep WordPress core, plugins, and themes updated
- Use strong passwords and enable two-factor authentication
- Regularly backup your WordPress site
- Use SSL/TLS certificates for all sites
- Follow WordPress security best practices
For general security questions or concerns that are not vulnerabilities, please open a public issue on GitHub or contact:
Khürt Williams
Email: khurt@islandinthenet.com
Website: https://islandinthenet.com