WebMCP Validator

Reporting Security Vulnerabilities

We take security seriously. If you discover a vulnerability in WebMCP Validator, please report it responsibly. Do not publicly disclose the issue until we have had a reasonable time to address it.

Contact us at: security@webmcpvalidator.com

We aim to acknowledge all reports within 48 hours and resolve confirmed vulnerabilities within 30 days.

What to Include in Your Report

• A clear description of the vulnerability and its potential impact
• Steps to reproduce the issue
• Any proof-of-concept code or screenshots
• The URL or endpoint affected
• Your contact details (optional but helpful)

Scope

• webmcpvalidator.com and all subdomains
• The proxy.php scanning endpoint and api/audit endpoint
• Any data stored or transmitted through the service

Out of Scope

• Denial of service attacks
• Social engineering or phishing attempts
• Issues in third-party services we do not control
• Vulnerabilities requiring physical access to a device

Our Commitment

We will not take legal action against researchers who report vulnerabilities in good faith and follow this policy. We appreciate the security community's help in keeping WebMCP Validator safe.