| Version | Supported |
|---|---|
| 6.0.8 | ✅ Active |
| < 6.0.8 | ❌ End of life |
If you discover a security vulnerability in ModMenuCrew, please report it responsibly.
- Do NOT open a public issue for security vulnerabilities
- Contact us privately via one of these channels:
- Discord: discord.gg/crewcore — DM a moderator
- Website: crewcore.online
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Assessment: Within 1 week
- Fix: Depends on severity, typically within 2 weeks for critical issues
This policy covers:
- The ModMenuCrew BepInEx plugin source code
- The custom RPC messaging system
- Any authentication or license validation logic
This policy does not cover:
- Among Us game vulnerabilities (report to Innersloth)
- BepInEx framework vulnerabilities (report to BepInEx maintainers)
We appreciate responsible disclosure and will credit security researchers (with permission) in our release notes.