Last days we got a message that one of a 3thParty package, used in WebsiteBaker, contains a minor security issue. It is not a High-Risk-Level but anyway.
The endangered package you can find in wb/includes/idna_convert/.
There is a CSRF issue in the file examples.php. This file itself is never needed by WebsiteBaker and can/should be deleted from webspaces as soon as possible.
There is no fix/patch planned against.
To solve these problem, from next official release of WB the file is encapsulated in a ZIP archive, so there is no more possibility to call it from outside.