Hello team:
I am the offensive security team manager for AliSEC Soluciones S.L (https://www.alisec.es). which is a cybersecurity Spanish based company. We work with some public administration organisms and also with private companies.
During one of our engagements, the pentesting team have identified one potential vulnerability in Enfold theme for WordPress which is used by our client. It is a reflected Cross-Site-Scripting (XSS) that might affect current Enfold version and older releases. We are very interested on making a responsible disclosure of the vulnerability and work together with the Enfold development team in order to fix the issue.
Is there any e-mail or contact where we can submit the detailed report with evidences of the vulnerability?
Thanks in advance.
Best regards,
David Álvarez | Red Team
(Email address hidden if logged out)
http://www.alisec.es
AliSEC – Tu aliado en ciberseguridad
Hey David,
Thanks for contacting us!
Please see private content field below :)
Regards,
Yigit
Hello Yigit:
Thanks for your quick response. I have sent you the technical report so you can check and evaluate the vulnerability.
Looking forward to hearing from you.
Best regards.
Hey David,
Thanks for your email!
We are going to validate your report and then get in touch with you via email :)
Thanks again!
Regards,
Yigit
Hi Yigit:
Great, we wait for the validation and feedback.
Thank you.
Regards,
David Álvarez Robles