Potential security vulnerabilities can be reported directly to us at me@paolotagliaferri.com. As this is a modified forked theme from the original Casper theme built by the Ghost team, it is possible that the vulnerability has been introduced by the changes done in the fork.