From e2d1e56532b92f1b73c6248c67b02f9d8e0388f6 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Fri, 16 Jan 2026 16:08:53 -0600 Subject: [PATCH] Enhance readme with API access and FAQ sections Added FAQ section for reporting security bugs and clarified API usage instructions. --- readme.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 0ec8743..ec6ff0e 100644 --- a/readme.md +++ b/readme.md @@ -15,6 +15,7 @@ wp package install 10up/wpcli-vulnerability-scanner:dev-stable ``` ### API Access + WP-CLI Vulnerability Scanner works with [WPScan](https://wpscan.com), [Patchstack](https://patchstack.com/) and [Wordfence Intelligence](https://www.wordfence.com/threat-intel/) to check reported vulnerabilities; you can choose any one of these three to use. You will need to add a constant in your `wp-config.php` to decide which API service you want to use (by default **WPScan API** will be used). To use **WPScan API**: @@ -39,7 +40,6 @@ For WPScan and Patchstack you will need to register for a user account and suppl define( 'VULN_API_TOKEN', 'YOUR_TOKEN_HERE' ); ``` - ### Global command, manually Clone this repo, checkout to stable branch and require `wpcli-vulnerability-scanner.php` from wp-cli config. E.g. in `~/.wp-cli/config.yml` [[other config locations](https://make.wordpress.org/cli/handbook/references/config/#config-files)] 
@@ -268,6 +268,12 @@ composer behat -- features/vuln-patchstack.feature composer behat -- features/vuln-wordfence.feature ``` +## Frequently Asked Questions + +### Where do I report security bugs found in this plugin? + +Please report security bugs found in the source code of the undefined plugin through the [Patchstack Vulnerability Disclosure  Program](https://patchstack.com/database/vdp/189e9e72-27f1-4d80-86fd-7a28975550af). The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin. + ## Support Level **Active:** 10up is actively working on this, and we expect to continue work for the foreseeable future including keeping tested up to the most recent version of WordPress. Bug reports, feature requests, questions, and pull requests are welcome.
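Review bot: The commit message says it "clarified API usage instructions", but the hunks at @@ -15,6 +15,7 @@ and @@ -39,7 +40,6 @@ only add a blank line after `### API Access` and remove one before `### Global command, manually`. No instruction text changes in either hunk. Reword the message to describe a whitespace cleanup, or include the clarification that was intended.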
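Review bot: In the hunk at @@ -268,6 +268,12 @@, the added FAQ answer reads "the source code of the undefined plugin", which looks like an unfilled template variable. Replace "undefined" with the name the readme already uses, "WP-CLI Vulnerability Scanner". The heading and answer also call the project a "plugin" while the install instructions use `wp package install`, so "package" would be more consistent. The link text "Patchstack Vulnerability Disclosure  Program" contains a double space. Because this paragraph tells researchers where to send vulnerability reports, confirm before merging that the VDP URL in the link is the one registered for this project.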