Vanilla 2.1.3 Security breach???
Some how spam bots can with registration assign Roles Not Verified, Member. And because of Member role they can post.
How it's possible? It should be or Not Verified or Member if in settings email verification required.
How they enter capcha?!
Is there any solutions?