Any unauthorized/unauthenticated actor can find the PII data of all the users registered in the application.
PII - Personally Identifiable Information leaked by this application is first name
, last name
, email id
, picture
, username
, is_admin
status
1 Visit
https://demo.microweber.org/demo/api/users/search_authors
It shows you details of all the users
Attacker can grab this PII data and use it for any malicious purpose.