[Shopify] Insufficent Authentication on Creating an Admin Account in Stocky (1600 USD)

We discussed this vulnerability as part of our weekly podcast on 30 November 2021

Missing, or maybe insufficient authentication checks on the /users/create_admin endpoint allowed any user (even one not logged in) to create a new administrative account and gain full admin privileged within the Stocky app.