Introduction I reviewed HPRMS v1.0 to assess how its admin area handles identity and authorization in routine CRUD flows. Applications with profile-edit features often expose object identifiers dir...

Introduction In late 2021 I revisited one of our Java web applications to validate exposure to Log4Shell. My goal was pragmatic: verify if any user-controlled input was reaching Log4j without stric...

Introduction While reviewing help-desk and ticketing plugins for WordPress, I focused on how user-supplied ticket metadata is validated before being stored and rendered. These flows often accept m...

Introduction I set out to review helpdesk/ticketing plugins that are frequently installed in intranets and customer portals—places where strict role boundaries exist and unfiltered_html is commonly...

Introduction While reviewing WordPress learning-management plugins, I focused on inputs that render inside lesson or course pages—especially fields intended for HTML or embeds. These areas often re...