GHSA-GP95-J463-VV28 phpMyFAQ: Default Empty API Token Authentication Bypass
Summary A default empty API client token allows any unauthenticated user to create and modify FAQ entries, categories, and questions via the REST API. The vulnerability exists in all versions since API v4.0 was introduced because the installation process seeds api.apiClientToken with an empty...