Vulnerability disclosure address: [](mailto:
Status: Supporter, working on partnership


  • Date Posted:4/2/2017
  • Type of Vulnerability: Unauthenticated website administrative function
  • Products affected:
  • Found and reported by: RenderMan
  • Date Reported: 3/30/2017
  • Description: The “Testimonials” control panel on the website is exposed publicly and unauthenticated. Anyone who finds it can add, delete, or edit the testimonials featured on the website and cause reputation damage
  • Remediation: The Testimonials control panel has been moved to a protected part of the site and is no longer exposed