I have seen that there are still attacks against Spaw and FCKeditor - so this is just a warning. There might be possible security problems for older releases of Spaw and/or FCKeditor. So please check again that you use most current releases of phpwcms or fix it yourself.
WYSIWYG editors are located at:
Spaw 1.x: include/inc_ext/spaw
Spaw 2.x: include/inc_ext/spaw2
If you have an upgraded release including Spaw2 delete Spaw1!
Current releases of phpwcms have patched versions included and also some more security checks inside - but nobody is perfect.