Add Phase 10: Security Audit to roadmap

- Added security audit phase (v0.10.0) to PLAN.md
- WordPress best practices review
- OWASP Top 10 review (XSS, XSRF, SQLi, etc.)
- Updated version milestones table

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

CLAUDE.md

@@ -338,7 +338,7 @@ Admin features always work; frontend requires valid license.
 - Implemented license settings page with validation/activation buttons
 - Created admin CSS and JavaScript for license management
 - Created Gitea CI/CD pipeline at `.gitea/workflows/release.yml`
-- Created `PLAN.md` with full implementation roadmap (9 phases)
+- Created `PLAN.md` with full implementation roadmap (10 phases)
 - Created `README.md` with user documentation
 - Created `CHANGELOG.md` following Keep a Changelog format
 - Updated `CLAUDE.md` with architecture details

PLAN.md

@@ -186,6 +186,11 @@ This document outlines the implementation plan for the WP BnB Management plugin.
 - [ ] Example Grafana-Dashboard, see <https://src.bundespruefstelle.ch/magdev/wp-prometheus/raw/branch/main/README.md> for implementation details
 - [ ] Update settings page to enable/disable metrics
 
+## Phase 10: Security Audit (v0.10.0)
+
+- [ ] Check for Wordpress best-practises
+- [ ] Review the code for OWASP Top 10, including XSS, XSRF, SQLi and other critical threads
+
 ## Future Considerations (v1.0.0+)
 
 ### WooCommerce Integration (Optional)
@@ -304,4 +309,5 @@ The plugin will provide extensive hooks for customization:
 | 0.7.0   | CF7 Integration    | TBD      |
 | 0.8.0   | Dashboard          | TBD      |
 | 0.9.0   | Prometheus Metrics | TBD      |
+| 0.10.0  | Security Audit     | TBD      |
 | 1.0.0   | Stable Release     | TBD      |