A security issue (or security vulnerability) is a type of bug that affects the security of WordPress installations.
If you've found a bug in the WordPress core code that you have determined can be used to gain some level of access to a site running WordPress that you should not have, then that is a security issue.
Before you report a security issue, please bear in mind the following:
- Your blog being "hacked" is not a security issue. A security issue will involve knowing how the attacker got in and hacked your site. If you have details on the attack vector, then email us. If not, report the issue on the Support Forums.
- Forgetting your password or losing access to your site is not a security issue. You should try resetting your password or contacting your site administrator or host for help.
- Generally, security issues are complex problems. If you want to report a security issue, then that's great! You're in the right place. However, be sure that what you're reporting is actually a security issue so you don't waste your own time or that of the experts you report it to.
- The security mailing addresses are NOT for support. Don't send general problems to them. Your message will not be replied to. Use the Support Forums instead.
Posted in: WordPress