Skip to content
Patchstack Docs

Adding software to mVDP

Patchstack accepts all WordPress software (plugins and themes) to be added to its mVDP directory. Here’s a process of listing your first software:

  1. Log in to mVDP platform: vdp.patchstack.com
  2. Click the green + Start new button
  3. Fill the form as shown below
  4. Add a VDP disclaimer to your software readme.txt file, or security.md in GitHub

Note that if you maintain separate software for free and paid licenses, you will have to add these as completely separate entries.

Form fields

  1. Pick if you are submitting a plugin or a theme
  2. Pick, if it’s a free software, or is it a premium-licensed software. You can also choose Both, if you cover both plans in one software (also known as a freemium plugin)
  3. Software name - type the name of this software. This is how it will appear in Patchstack VDP directory and in the vulnerability database
  4. Software URL - preffered is the software repository URL. If the software is not in WordPress repository, enter any URL that takes to your software website
  5. Product slug - type a slug that you’d like to be indentified with in Patchstack VDP listing and database entries
  6. Software description - Write a short description, which will be shown in Patchstack VDP listing
  7. Dependencies - Write down all the third party software that your software is dependent on
  8. Secondary email - If you’d like to receive sensitive information about vulnerabilities to another email, you can write down your secondary email
  9. Upload software icon - This icon will be shown in Patchstack VDP directory and in the vulnerability database
  10. Upload source code - If your plugin is not available in public repository, you should upload the source code for us to view

Having filled up the form, click Start program

Finalizing your first software setup

After submitting the form, you’ll be taken to your added software page. This page will show all the vulnerability and reports statistics about your software in the future.

Before Patchstack can validate your software, you will have to add a VDP disclaimer to your software readme.txt or security.md file in GitHub. The disclaimer can be copied, by clicking the Copy disclaimer for… button.

If you don’t have your project present on the WordPress repository, please e-mail us for verification at triage@patchstack.com

Example disclaimer

This is an example disclaimer, do not paste it to your software, as it includes an example link. You should copy the disclaimer straight from the mVDP platform by clicking the Copy disclaimer for… button.

= How can I report security bugs? =


You can report security bugs through the Patchstack Vulnerability Disclosure
Program. The Patchstack team help validate, triage and handle any security
vulnerabilities.
[Report a security vulnerability.](https://patchstack.com/database/vdp/your-software-slug)