Based on feedback in the plugin guidelines thread, I think a new page for the plugin guidelines section would be useful:
Plugins which are published in the directory, but are then found guilty of an infraction of the rules or if a security vulnerability is reported will be subject to the following process:
- The plugin developer will receive an email with details of the breach or vulnerability.
- The developer will have 7 days to reply and/or update the plugin to correct the issue.
- Failure to respond or correct the issue within 7 days will result in suspension of the plugin.
ClassicPress reserves the right to suspend a plugin with a serious vulnerability and/or security issue without prior notice to prevent users from downloading a vulnerable plugin.
Failure to have a working email address on your developer profile, meaning messages from moderators are missed will result in plugin suspension.