publify_core is vulnerable to business logic errors. The vulnerability exists in update_params
function of content_controller.rb
because the password field present in the form is not accepted by the controller which allows an attacker to exploit this flaw since the article is always public.