Introduction In late 2021 I revisited one of our Java web applications to validate exposure to Log4Shell. My goal was pragmatic: verify if any user-controlled input was reaching Log4j without stric...

Introduction While reviewing help-desk and ticketing plugins for WordPress, I focused on how user-supplied ticket metadata is validated before being stored and rendered. These flows often accept m...

Introduction I set out to review helpdesk/ticketing plugins that are frequently installed in intranets and customer portals—places where strict role boundaries exist and unfiltered_html is commonly...

Introduction While reviewing WordPress learning-management plugins, I focused on inputs that render inside lesson or course pages—especially fields intended for HTML or embeds. These areas often re...

Introduction I was reviewing appointment-booking plugins to check how they render merchant-defined data back into admin/listing views. Fields like “service name,” “duration,” and “price” often look...