From 376c8936c6fc3f6e25c0cfb95659df408e7aad53 Mon Sep 17 00:00:00 2001
From: Jeffrey Paul <jeffpaul@hotmail.com>
Date: Tue, 13 Jan 2026 11:34:03 -0600
Subject: [PATCH 1/2] Add FAQ on reporting security bugs

Added FAQ section about reporting security bugs.
---
 readme.txt | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/readme.txt b/readme.txt
index 7e6fe6b..ac1cb68 100755
--- a/readme.txt
+++ b/readme.txt
@@ -27,6 +27,12 @@ Alternatively, go to ElasticPress > Query Log and set it to record ElasticPress
 2. Optionally install [Debug Bar](https://wordpress.org/plugins/debug-bar/) or [Query Monitor](https://wordpress.org/plugins/query-monitor/).
 3. Install the plugin in WordPress.
 
+== Frequently Asked Questions ==
+
+= Where do I report security bugs found in this plugin? =
+
+Please report security bugs found in the source code of the ElasticPress Debugging Add-On plugin through the [Patchstack Vulnerability Disclosure  Program](https://patchstack.com/database/vdp/cc7374da-57fd-4963-905b-92ba5d12a628).  The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin.
+
 == Changelog ==
 
 = 3.1.1 - 2024-12-11 =

From 7092d5e5347d4be56c27d371a9967f888805b844 Mon Sep 17 00:00:00 2001
From: Jeffrey Paul <jeffpaul@hotmail.com>
Date: Tue, 13 Jan 2026 11:35:14 -0600
Subject: [PATCH 2/2] Add FAQ section for reporting security bugs

Added a section for Frequently Asked Questions regarding security bug reporting.
---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 446f9c9..1448784 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,12 @@ Alternatively, go to ElasticPress > Query Log and set it to record ElasticPress
 
 If you identify any errors or have an idea for improving the plugin, please [open an issue](https://github.com/10up/debug-bar-elasticpress/issues?state=open).
 
+## Frequently Asked Questions
+
+### Where do I report security bugs found in this plugin?
+
+Please report security bugs found in the source code of the ElasticPress Debugging Add-On plugin through the [Patchstack Vulnerability Disclosure  Program](https://patchstack.com/database/vdp/cc7374da-57fd-4963-905b-92ba5d12a628).  The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin.
+
 ## Support Level
 
 **Active:** 10up is actively working on this, and we expect to continue work for the foreseeable future including keeping tested up to the most recent version of WordPress. Bug reports, feature requests, questions, and pull requests are welcome.