Statamic · Statamic · CVE-2026-33177
**Name of the Vulnerable Software and Affected Versions**
Statamic versions prior to 5.73.14
Statamic versions prior to 6.7.0
**Description**
Low-privileged Control Panel users could create taxonomy terms by submitting requests with attacker-controlled field definitions to the field action processing endpoint, `/cp/field/action`. Manipulating the field definitions in this way bypasses the authorization checks enforced on the standard taxonomy term creation endpoint.
**Recommendations**
Update to Statamic version 5.73.14 or later.
Update to Statamic version 6.7.0 or later.
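The following added example (not part of the advisory or of Statamic's code) checks a `composer.lock` against the two fixed releases and counts access-log requests to `/cp/field/action` per client for review. It assumes the package is recorded as `statamic/cms`, that logs use the combined format, and that the Control Panel is served under `/cp` as in the advisory; the function names and sample data are constructed for illustration.

```python
import json
import re
from collections import Counter

# Fixed releases named in the advisory, keyed by major version.
FIXED = {5: (5, 73, 14), 6: (6, 7, 0)}

def parse_version(text):
    """Turn 'v5.73.13' or '6.7.0' into a tuple of ints; None if not x.y.z."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version):
    """True if the version is below the fixed release for its release line."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised version: {version!r}")
    if v[0] > 6:  # assumption: later majors already carry the fix
        return False
    return v < FIXED[max(v[0], 5)]  # majors below 5 compare against 5.73.14

def installed_statamic(lock_text):
    """Return the statamic/cms version recorded in composer.lock, or None."""
    for pkg in json.loads(lock_text).get("packages", []):
        if pkg.get("name") == "statamic/cms":
            return pkg.get("version")
    return None

# Client address and request line of a combined-format access log entry.
ENDPOINT = re.compile(r'^(\S+) .*?"[A-Z]+ /cp/field/action[?\s]')

def endpoint_hits(log_lines):
    """Count requests to /cp/field/action per client address."""
    matches = (ENDPOINT.match(line) for line in log_lines)
    return dict(Counter(m.group(1) for m in matches if m))

# Constructed sample data, not taken from a real site.
SAMPLE_LOCK = '{"packages": [{"name": "statamic/cms", "version": "v5.73.13"}]}'
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2026:10:00:01 +0000] "POST /cp/field/action HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2026:10:00:04 +0000] "POST /cp/field/action HTTP/1.1" 200 498',
    '198.51.100.9 - - [10/Mar/2026:10:01:12 +0000] "GET /cp/dashboard HTTP/1.1" 200 9120',
]

if __name__ == "__main__":
    version = installed_statamic(SAMPLE_LOCK)
    print(version, "affected" if is_affected(version) else "fixed")
    print(endpoint_hits(SAMPLE_LOG))
```

The endpoint also handles ordinary Control Panel traffic, so the per-client counts are leads to correlate with unexpected taxonomy terms and the requesting user's permissions, not proof of abuse.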