Privilege Escalation https://wiki.owasp.org/index.php/Testing_for_Privilege_escalation_(OTG-AUTHZ-003) Examples [2020] - Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation [2019] - Users can enable API access for free via mass assignment