Recently, Cake PHP’s 2.3.5 version has been released to fix critical bugs related to web root attribute in Cake Request that could potentially drive to XSS attacks on few web pages. Along with handling and fixing different issues either related to pagiation limits, auto link utility, and compatibility with servers, it is a great plug-in to use.
Read more and visit http://bakery.cakephp.org/articles/lorenzo/2013/05/11/security_fix_cakephp_2_3_5_released.