# Security Policy

## Supported Versions

We currently support these versions of WooCommerce Order Address Print with security updates:

| Version | Supported          |
| ------- | ------------------ |
| 4.2.x   | :white_check_mark: |
| 4.1.x   | :white_check_mark: |
| 4.0.x   | :white_check_mark: |
| < 4.0   | :x:                |

## Reporting a Vulnerability

We take the security of WooCommerce Order Address Print seriously. If you believe you've found a security vulnerability in the plugin, please follow these steps:

1. **Do NOT disclose the vulnerability publicly**
2. **Email the details to**: security@uniquesweb.co.in
3. Include the following information:
   - Description of the vulnerability
   - Steps to reproduce the issue
   - Potential impact
   - Any suggestions for addressing the vulnerability
   - Your name/handle for credit (optional)

We aim to acknowledge receipt of your report within 48 hours and will strive to provide a timeline for resolution after initial assessment.

## Security Measures Implemented

This plugin employs several security measures to protect your WordPress site:

- **Input Validation**: All user inputs are properly sanitized
- **Output Escaping**: All outputs are properly escaped to prevent XSS attacks
- **Capability Checks**: Access controls validate user permissions
- **CSRF Protection**: Nonce verification on all form submissions
- **Secure File Handling**: Random filenames, proper permissions, and automatic cleanup
- **Rate Limiting**: Basic protection against abuse of plugin functionality

## Best Practices for Users

To ensure maximum security when using WooCommerce Order Address Print:

1. Keep the plugin updated to the latest version
2. Use strong administrator passwords
3. Implement WordPress security best practices
4. Restrict admin access to trusted individuals
5. Use a security plugin like Wordfence, Sucuri, or iThemes Security
6. Regularly review access logs for unusual activity

## Disclosure Policy

- We follow responsible disclosure practices
- After a vulnerability is fixed, we will publish information about it
- We will credit researchers who report valid vulnerabilities (if desired)
- We typically allow 30 days after a patch is released before disclosing details

## Security Updates

Security updates are typically released as patch versions (e.g., 4.2.1). When a security update is released, we recommend updating as soon as possible.

## Third-Party Libraries

This plugin uses the following third-party libraries:

- PHP QR Code library

We regularly update these dependencies to incorporate security fixes.

---

This security policy is effective as of July 2023 and will be reviewed and updated periodically. 