With so many WordPress plugins that are _doing_it_wrong() with regard to security, we pride ourselves on Doing It Right™. We always welcome any peer review of our 100%-open-source code, to ensure vulnerabilities in WordPoints never lead to anyone's site being hacked. And we reward researchers who help us do that accordingly.
When reporting a security issue, we ask that you please do so responsibly. In order to give the community time to respond and upgrade, we strongly urge you report all security issues privately. Please use our vulnerability disclosure program at HackerOne to provide details and steps to reproduce, and we will respond ASAP—security issues always take priority.
You can find more information about our bug bounty program, and general notes regarding security and WordPoints, on our program homepage on HackerOne.