2 matches found
X (Formerly Twitter): Bypassing x profile verification to receive instant blue checkmark and unlimited profile changes
The vulnerability allowed users to bypass the profile verification process on X by upgrading and downgrading their plan immediately after changing their profile picture. This permitted continuous profile picture changes without review...
U.S. Dept Of Defense: Unauthenticated PII leak on verified/requested to be verified profiles on ███████/app/org/{id}/profile/{id}/version/{id} [HtUS]
Description: On any published profile page, you can switch between their profile's versions provided they have made at least 1 change after publication, which will make a GET request to ███/organization/id/profileid/version/id. While proxying traffic through Burp Suite, another request is being sent...