It's worth noting this only affects sites with open registration. In that case, a general authenticated user had permissions to delete any page (except root node). We've now completely restricted the delete a page functionality to 'admin' level users only.
On Thu, May 27, 2010 at 8:11 PM, Dan Dascalescu <[hidden email]> wrote:
A security issue has been found in MojoMojo versions 1.00 and prior
whereby an attacker can delete pages they should not have permissions
Users who have open registration enabled are strongly encouraged to
upgrade to 1.01.