Node Reference Create - Moderately Critical - Access Bypass
Project
Date
Severity
Moderately Critical
Affected versions
<7.x-1.1
The Node Reference Create module does not verify whether the current user has permission to create the referenced content type before saving a new node via its autocomplete widget, allowing any authenticated user with access to a referencing form to create nodes without the corresponding permission.