Intro
Everyone is encouraged to join Slack and follow the public blog to participate in any discussions there.
Report Plugins
Read Reporting Plugin Security Issues for more information.
Whether or not you are a plugin reviewer, everyone is welcome to report plugins with security issues or ones that violate the plugin guidelines to the team. To do this, email plugins@wordpress.org with a descriptive subject line and a clear explanation of the issue. If you’re reporting a security issue, please do your best to explain how someone can reproduce the issue. You can include screenshots or attach PDFs or zips if needed.
Keep in mind, many email clients strip suspect content (even when sending) so code examples should be attached as ZIP or PDF.
Remember to test vulnerabilities as both an admin and an author (or lower), as some users have elevated privileges when it comes to posting unfiltered html intentionally.
Contributor Days
Contributor Days at WordCamp are where a group of interested people can help review plugins. Alternately, we can go through the handbook and make edits and provide fixes.
Interested in getting more deeply involved by joining the Plugin Review team? Check out the application process.
