The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).
Add your gear to cvedb and we'll alert you only when tooljet ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.