How to report a theme
If you find a theme with a security issue, please do not post about it publicly anywhere. Even if there’s a report filed on one of the official security tracking sites, bringing more awareness to the security issue tends to increase the number of people being hacked, and rarely speeds up the fixing.
To report a theme that is in the WordPress.org theme directory, please go to the theme’s directory listing (for example, https://wordpress.org/themes/twentytwentythree/), use the “Report this theme” button in the sidebar, and complete the form.
You can also send reports of security issues to themes@wordpress.org. Include the following:
- a clear and concise description of the issue
- a link to the specific theme
- whether or not you have validated the security issue yourself
- optional – links to any public disclosures on 3rd party sites
For developers
What to do when you receive a request to update your theme
If your theme has been reported and the Themes Team decides that action needs to be taken, you will receive an email from the Themes Team with information and instructions.
– You may be asked to solve an issue within a specific time frame. This depends on the severity of the issue.
– The Themes Team may need to suspend your theme to prevent new downloads until the issue is resolved.
You must reply to the email if you have any questions, need more information, or need more time.
Test your theme update carefully and submit it through the upload form on the theme directory page.
Learn more about how the Themes Team works with theme suspensions and delisting.
Resources
To learn more about theme security, please see the Security chapter of the common APIs handbook.