Please do not open a public issue for security vulnerabilities.
Report security concerns privately by using GitHub private vulnerability reporting if it is enabled for the repository. If it is not enabled, contact the maintainer through the repository owner profile first and avoid posting vulnerability details publicly until a private channel is available.
- GitHub repository: https://github.com/mixon00/wideplayer
Include as much detail as you can:
- affected browser or platform
- affected WidePlayer version or commit
- reproduction steps
- expected impact
- any relevant screenshots, logs, or proof-of-concept details
The project will acknowledge valid reports as soon as practical and coordinate a fix before public disclosure.
Security reports may include:
- extension permission or content-script issues
- unexpected data collection or leakage
- website vulnerabilities in the landing site
- build or release packaging issues that affect distributed extension artifacts
Out of scope:
- issues caused only by unsupported X layouts when the original player remains usable
- social engineering
- denial-of-service reports that require unrealistic traffic or local access