Hello, 
if you find a security bug, don't hesitate to report it to the following email address: cmepw@protonmail.com

I would ask you to specify the version used as well as a scenario of exploitation (the steps 1 by 1, requests by requests)

Thank you in advance, for taking the time to read this message to help us to improve this project