Security & Responsible Disclosure Policy
Last updated: March 5, 2026
Roz New takes website security seriously. If you discover a security vulnerability on roznew.com, we appreciate responsible disclosure so we can investigate and fix the issue quickly and safely.
This policy explains how to report vulnerabilities and what we expect from security researchers and users.
1. What to Report
Please report security issues such as:
- Account or authentication vulnerabilities (if accounts exist)
- Data exposure or privacy weaknesses
- Cross-site scripting (XSS), SQL injection, CSRF, SSRF
- Broken access controls
- Security misconfigurations
- Vulnerabilities in plugins/themes that affect our Site
If you are unsure, report it anyway; we prefer early notifications.
2. How to Report a Vulnerability
Send your report to:
Email: security@roznew.com
Subject line (recommended): Security Report – Vulnerability Disclosure
We aim to acknowledge reports within 72 hours.
Include:
- A clear description of the issue
- The affected URL(s) or feature(s)
- Steps to reproduce (proof of concept)
- Potential impact (what an attacker could do)
- Screenshots/logs if helpful
If you have a suggested fix or mitigation, include it.
3. What We Ask You Not to Do
To keep users and systems safe, please do not:
- Access, modify, or delete data that does not belong to you
- Attempt to disrupt the Site (DDoS, spam, mass scanning)
- Exfiltrate private data or publish it publicly
- Use social engineering against staff or users
- Publicly disclose the vulnerability before we have time to respond
4. Good Faith Testing
We consider research good faith when you:
- Do only the minimum necessary to prove the vulnerability
- Avoid privacy violations and service disruption
- Give us a reasonable time to investigate and fix the issue
- Do not demand payment or threaten public disclosure
5. Our Response Approach
When we receive a valid report, we aim to:
- Acknowledge receipt as soon as possible
- Investigate and verify the issue
- Prioritize fixes based on severity and impact
- Apply patches/mitigations (including plugin/theme updates)
- Notify you when the issue is resolved (when possible)
We may not be able to provide detailed timelines or technical details in every case.
6. Third-Party Components
Roz New uses third-party services and software (e.g., hosting, plugins, analytics, ad networks). Some issues may need coordination with providers. We will work to address vulnerabilities in our control and report upstream where appropriate.
7. No Bug Bounty Program
At this time, Roz New does not offer a paid bug bounty program.
Quick FAQ
Can I publicly post the vulnerability on social media?
Please do not. Report it privately first so we can fix it safely.
Do you pay for bug reports?
Not currently. We still welcome responsible disclosure.
What should I include in my report?
A clear description, affected URLs, steps to reproduce, and impact.
Contact & Connect
- Email: security@roznew.com
- Contact Page: Contact Us