Are they just an issue with wefwef or trying to use an exploit
4 points
Iβd be willing to bet theyβre using the API to make all the changes. The cookie has the jwt token. I donβt believe you need the username (at least judging by the js API docs).
2 points