Acunetix determined that it was possible to access the Hasura GraphQL API without authentication. An unauthentication attacker may use this API to perform SSRF (Server-side request forgery) attacks.
Restrict access to the Hasura GraphQL API by setting admin secret.
Paperclip gem SSRF (Server side request forgery)
WordPress Plugin Backup & Restore Dropbox Multiple Vulnerabilities (22.214.171.124)
WordPress Plugin Salon booking system Multiple Information Disclosure Vulnerabilities (7.6.2)
MantisBT multiple security issues