WordPress: XSS on support.wordcamp.org in ajax-quote.php
Hi, There is an XSS vulnerability in ajax-quote.php on http://support.wordcamp.org. It can be demonstrated with the attached POC - this needs to be run in Firefox to execute, as it's super basic and XSS Auditor will catch it but with multiple parameters, even with one of them filtered, it's likel...
WordPress: [support.wordcamp.org] - publicly accessible .svn repository
Hi Team, Found that .svn repo is publicly accessible. We can verify it by loading https://support.wordcamp.org/.svn/entries in any browser. This is very dangerous as an attacker may download entire source code. More details about this vulnerability provided here:...