Custom Plugin Security Updates

Custom plugins used on CampusPress are client-owned and client-maintained.

CampusPress does not manage, maintain, or test custom plugin functionality. Clients remain responsible for ongoing development, compatibility, and validation.

Security Exception

If a security vulnerability is identified in a custom plugin that presents a material risk, CampusPress may take action to protect the platform and affected sites.

Our response is based on the severity and likelihood of exploitation, using trusted security intelligence.

How We Respond

High-risk vulnerabilities – RTTP: 0 days

These vulnerabilities are actively exploited, expected to become exploited, or receive a vPatching rule from Patchstack.To protect the platform and affected sites, CampusPress will apply the security update immediately to production without prior client approval.Clients are notified during or shortly after deployment.

Medium-risk vulnerabilities – RTTP: 7 days

These vulnerabilities could be exploited in targeted attacks, are not publicly known to be actively exploited, but receive a vPatching rule from Patchstack. CampusPress will apply the update immediately to development or staging environments. Clients are notified and given up to 7 days to review and test. If no response is received within that window, CampusPress may proceed with deploying the update to production to protect the platform.

Low-risk vulnerabilities – RTTP: 30 days

These vulnerabilities are not expected to be exploited, are not known to be actively exploited, and do not require a vPatching rule from Patchstack. Clients are notified for awareness and planning. Updates are recommended as part of regular maintenance and should not be indefinitely deferred.

Important Notes

• Security updates do not transfer ownership or maintenance responsibility to CampusPress.
  
• CampusPress does not perform functional or regression testing for custom plugins.
  
• RTTP stands for Recommended Time to Patch
  

Clients are responsible for validating site behaviour after any update.

Ask our team for more information Contact us

Get started with CampusPress today Contact sales