According to Securatary, this vulnerability allows for a cross store (unauthenticated, as we have not authenticated to our target store) privilege escalation attack, that will create a user on any *.gostorego.com store. There are over 200 000 active Magento Go stores. So this attack allows access to