Unauthorized API Access to Search Page Functions
Publicly available since Oct 12, 2024
Threat Overview
The vulnerability allows an attacker to bypass the visibility restriction that administrators can place on the search page. Hiding the page only removes it from the user interface; the API endpoint that backs the page performs no equivalent authorization check, so calling that endpoint directly exposes the search functionality even when the page is set to be invisible. This can lead to unauthorized access to sensitive information and misuse of the search functionality.
Attack Scenario
An attacker identifies the API endpoint that backs the search page and captures the necessary request details (path, parameters, session headers) using an intercepting proxy such as Burp Suite. They then craft an equivalent request and send it directly to the server, reaching the search page functions even though the page is invisible to regular users. The same request doubles as a check for administrators: sent with a non-administrative session, a request to the search API should be rejected, not answered with results.
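As an added illustration of this flaw class, not code from the affected project (which the advisory does not name), the following standard-library Python sketch puts a vulnerable WSGI application beside a hardened one. The routes /search and /api/search, the X-User header, the users, roles and records are all assumptions chosen for the example; the point is that the page route honours the visibility flag while the API it calls does not, and that the fix is to enforce the same server-side policy on every route that exposes the function.

```python
# Added illustration of the flaw class in this advisory. Everything below is
# an assumption: the advisory does not name the project, routes or data model.
import json
from urllib.parse import parse_qs, urlencode
from wsgiref.util import setup_testing_defaults

# Constructed administrator configuration: the search page is switched off
# for ordinary users.
PAGE_CONFIG = {"search": {"visible": False}}
# Constructed users and roles.
USERS = {"alice": "admin", "bob": "viewer"}
# Constructed records standing in for the real search backend.
RECORDS = ["public newsletter", "payroll export", "confidential merger memo"]


def page_visible_to(user, page):
    """Server-side policy: a hidden page is only reachable by administrators."""
    return PAGE_CONFIG[page]["visible"] or USERS.get(user) == "admin"


def _search(query):
    return [r for r in RECORDS if query.lower() in r]


def _respond(start_response, status, payload):
    body = json.dumps(payload).encode()
    start_response(status, [("Content-Type", "application/json"),
                            ("Content-Length", str(len(body)))])
    return [body]


def _user_and_query(environ):
    # Assumption: identity is carried in an X-User header (a session cookie
    # in a real deployment); the search term is the "q" query parameter.
    user = environ.get("HTTP_X_USER")
    query = parse_qs(environ.get("QUERY_STRING", "")).get("q", [""])[0]
    return user, query


def vulnerable_app(environ, start_response):
    """The page route honours the visibility flag; the API it calls does not."""
    user, query = _user_and_query(environ)
    path = environ["PATH_INFO"]
    if path == "/search":
        if not page_visible_to(user, "search"):
            return _respond(start_response, "404 Not Found", {"error": "no such page"})
        return _respond(start_response, "200 OK", {"page": "search"})
    if path == "/api/search":
        # No authorization check: anyone who knows the endpoint gets results.
        return _respond(start_response, "200 OK", {"results": _search(query)})
    return _respond(start_response, "404 Not Found", {"error": "not found"})


def hardened_app(environ, start_response):
    """Every route that exposes the search function enforces the same policy."""
    user, query = _user_and_query(environ)
    path = environ["PATH_INFO"]
    if path not in ("/search", "/api/search"):
        return _respond(start_response, "404 Not Found", {"error": "not found"})
    if not page_visible_to(user, "search"):
        return _respond(start_response, "403 Forbidden", {"error": "forbidden"})
    if path == "/search":
        return _respond(start_response, "200 OK", {"page": "search"})
    return _respond(start_response, "200 OK", {"results": _search(query)})


def call(app, path, user=None, query=""):
    """Send one crafted request straight to the app, as a proxy replay would."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    environ["QUERY_STRING"] = urlencode({"q": query}) if query else ""
    if user is not None:
        environ["HTTP_X_USER"] = user
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], json.loads(body)


def bypass_check(app):
    """True if a non-admin gets search results from the API while the page
    itself is hidden from them: the condition this advisory describes."""
    page_status, _ = call(app, "/search", user="bob")
    api_status, api_body = call(app, "/api/search", user="bob", query="payroll")
    return (page_status.startswith("404") and api_status.startswith("200")
            and api_body.get("results") == ["payroll export"])


if __name__ == "__main__":
    print("vulnerable app bypassable:", bypass_check(vulnerable_app))  # True
    print("hardened app bypassable:", bypass_check(hardened_app))      # False
```

bypass_check is the same probe an administrator can run against a real deployment with a low-privilege session: a hidden page whose API still answers is the finding; a 403 (or a consistent 404) on both the page and the API is the expected result.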
Who is affected
Users of version v0.3.94 of the affected software who rely on the search page's visibility setting to control access to its functionality are affected by this vulnerability.