Is this forum the right place to discuss and diagnose possible security vulnerabilities in webwork?
Hopefully the red flags are just mistakes by automated security scans, but who knows.
Please do consider if you have
found a security vulnerability, that posting publicly about it here
might direct bad actors to abuse it.