The kwtSMS team takes security seriously. If you discover a vulnerability in the kwtSMS SMS Gateway for Salesforce plugin, please follow responsible disclosure guidelines and report it privately before any public disclosure.

Contact: support@kwtsms.com

Please include the following in your report:

• A clear description of the vulnerability
• Steps to reproduce the issue
• The potential impact or attack scenario
• Any suggested mitigations, if known

• Acknowledgment: Within 2 business days of receiving your report
• Initial assessment: Within 5 business days
• Resolution target: Within 30 days for critical issues, 90 days for others

• Do not publicly disclose the vulnerability until a fix has been released and you have been notified.
• Do not access, modify, or delete data that does not belong to you during testing.
• Do not perform denial-of-service attacks or any action that degrades service quality.
• Test only against your own Salesforce sandbox org or scratch org.

This policy covers the Salesforce AppExchange package KwtSMS SMS Gateway and any associated source code in this repository.

We appreciate responsible researchers. Confirmed vulnerabilities will be acknowledged in release notes (with your permission).