A high-severity bug in a popular content platform shows how one insecure workflow can change records that editors assumed were safe.