MetaCredo.
View Source
Detects critical functions without authentication checks (CWE-306).
Identifies endpoints or functions that perform sensitive operations (admin, delete, update, payment, etc.) but lack apparent authentication verification via plugs, decorators, or middleware.
Category: Security / Priority: higher