If you have found or believe you have found a security issue in Fandom’s code or on one of Fandom’s wikis, please let us know. We appreciate your help in keeping Fandom safe for everyone by disclosing it to us in a responsible manner.
When performing security testing, you must:
- Not compromise the availability of the site.
- Not compromise the security or privacy of other users' data.
- Be non-destructive and non-disruptive.
When reporting a security issue, please provide full details of the issue including:
- Full steps to reproduce the vulnerability (including a Proof-of-Concept URL if appropriate).
- Please indicate if you are logged in or logged out when the issue occurs.
- Your browser information including type and version (especially for XSS or vulnerabilities that require a specific browser or plugin to reproduce).
- A short description of the vulnerability's potential security impact.
In response to security reports, Fandom will:
- Prioritize the reproduction and confirmation of any reported vulnerability.
- Identify a reasonable timeline to patch any confirmed vulnerability.
- Not pursue legal action against any reporter who complies with all of the guidelines for testing and reporting security issues.
Please use this form to report the security issue (choose the "I have found a security issue" category). Thank you!