Instruction: [Any _**source**_ repository on my Github account](https://github.com/iandunn?tab=repositories&type=source), _**except**_ for the ones marked as **archived**.
Forks are not in-scope, please report any issues with those upstream. Archived repos are not maintained.
This refers to the source code in the repositories listed on that page, **not** to the github.com website itself. You can report potential vulnerabilities in github.com to [them](https://github.com/security).
Integrity requirements: high
Max severity: critical
Asset identifier: WordPress.org plugins
Asset type: SOURCE_CODE
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: [Any plugin listed on my WordPress.org profile](https://profiles.wordpress.org/iandunn#content-plugins) is within scope, **except** for these:
* Email Post Changes and Jetpack should be submitted to [Automattic](https://hackerone.com/automattic) instead.
* CampTix, CampTix Network Tools, P2 New Post Categories, Tagregator, and SupportFlow should be submitted to [WordPress](https://hackerone.com/wordpress) instead, because they're [Meta team](https://make.wordpress.org/meta/) projects.
* Manage Tags Capabilities is not covered, since I don't have commit access to it.
This refers to the source code of the plugins listed on that page, **not** to the wordpress.org website itself. You can report potential vulnerabilities in wordpress.org to [their program](/wordpress).