The Official vBulletin Modifications Site.

If you discover a potential security vulnerability in a modification the following protocol should be followed:

1. Do not post about the potential vulnerability in public.
2. All potential security vulnerabilities reports should be done in PRIVATE. The prefered method to report a vulnerability is by using the Report Post feature (). Alternative is to notify a staff member in PM.
3. When reporting a vulnerability, please include as many details as possible.

The following steps are taken when we are notified of a possible security vulnerability:

1. A staff member will verify the report.
2. The modification will be removed from the public to prevent more members installing a vulnerable modification.
3. The author of the modification will be notified in PM.
4. A private thread will be created where the author can discuss the vulnerability and solutions with staff.
5. Once the vulnerability is fixed and verified, staff will restore the updated modification thread back into public view.
6. If the author cannot be contacted to provide a solution, another coder may be aware of the issue and provide a fix . This fix will also be verified by staff.
7. If no one else provides a solution, then in certain exceptional circumstances, a member of vB.org staff may provide a fix.

Member notifications:

1. Staff will send out an e-mail notification to members that have downloaded or marked the modification as installed, warning them of the issue.
2. Staff will also send out an e-mail notification to the same members when the modification has been fixed and returned to the release forums.