Automattic: IDOR in API applications (able to see any API token, leads to account takeover)

Summary: Hi, @ehtis, thank you for the test account. Here is a critical report. : On Pressable, we can create API applications at https://my.pressable.com/api/applications, and we can access many things using the API token via following the API docs I created an API application and tried to updat...