Posted by Scott Arciszewski on May 14

I’m honestly surprised it took their team two months to fix this. I’ve
previously reported issues via HackerOne and they were on it within a day.

If anyone else is thinking about whitehatting up Concrete5, you might get a
faster response if you go through the HackerOne platform. Also, they’re
friendly and won’t pull a Daniel Kerr move on you if you tell them their
code is Swiss cheese. Speaking from experience here.