As you observed no password nor authentication process is necessary to entry the APIs Which explains why you should be added careful with you access vital rights And exactly how (and also to whom) you disclose them. If you did not change the install/ or admin/ directory names, just after https://jasperpknmt.shotblogs.com/5-simple-statements-about-prestashop-xss-explained-40091811
