diff --git a/CLAUDE.md b/CLAUDE.md
index 62814e5..86775e9 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -338,7 +338,7 @@ Admin features always work; frontend requires valid license.
 - Implemented license settings page with validation/activation buttons
 - Created admin CSS and JavaScript for license management
 - Created Gitea CI/CD pipeline at `.gitea/workflows/release.yml`
-- Created `PLAN.md` with full implementation roadmap (9 phases)
+- Created `PLAN.md` with full implementation roadmap (10 phases)
 - Created `README.md` with user documentation
 - Created `CHANGELOG.md` following Keep a Changelog format
 - Updated `CLAUDE.md` with architecture details
diff --git a/PLAN.md b/PLAN.md
index da2b0f9..361781d 100644
--- a/PLAN.md
+++ b/PLAN.md
@@ -186,6 +186,11 @@ This document outlines the implementation plan for the WP BnB Management plugin.
 - [ ] Example Grafana-Dashboard, see <https://src.bundespruefstelle.ch/magdev/wp-prometheus/raw/branch/main/README.md> for implementation details
 - [ ] Update settings page to enable/disable metrics
 
+## Phase 10: Security Audit (v0.10.0)
+
+- [ ] Check for Wordpress best-practises
+- [ ] Review the code for OWASP Top 10, including XSS, XSRF, SQLi and other critical threads
+
 ## Future Considerations (v1.0.0+)
 
 ### WooCommerce Integration (Optional)
@@ -304,4 +309,5 @@ The plugin will provide extensive hooks for customization:
 | 0.7.0   | CF7 Integration    | TBD      |
 | 0.8.0   | Dashboard          | TBD      |
 | 0.9.0   | Prometheus Metrics | TBD      |
+| 0.10.0  | Security Audit     | TBD      |
 | 1.0.0   | Stable Release     | TBD      |