Security
Security matters for every marketplace because vendors, customers, orders, payouts, and store data must be handled carefully. This page explains how to report security issues and how to keep a MultiVendorSuite site safer.
Report a security issue
Please report suspected security issues privately through the contact page and include Security Report in the subject or message. Include the affected version, steps to reproduce, expected impact, screenshots, logs, and proof of concept details when available.
Responsible disclosure
- Do not publicly disclose a vulnerability before a fix or mitigation is available.
- Do not access, modify, delete, or export data that does not belong to you.
- Do not perform denial-of-service testing, spam, phishing, or social engineering.
- Give our team a reasonable time to validate, fix, and release an update.
Marketplace security checklist
- Use HTTPS on every page, especially checkout, account, and vendor dashboard pages.
- Keep WordPress, WooCommerce, MultiVendorSuite, themes, and plugins updated.
- Use strong administrator passwords and two-factor authentication where possible.
- Give vendors only the permissions required for their marketplace role.
- Back up files and database regularly and test restore procedures.
- Use trusted hosting, malware scanning, firewall rules, and secure file permissions.
