For those following the thread, a privilege escalation issue was discovered in Custom Port Ranges, where an attacker who already had webuser privileges could gain root.
This was fixed in 13.0.3, with kudos to https://twitter.com/0x00string for his assistance!
More information in the Second Post