Hi there
I’ve discovered a security problem in Discourse related to moderators:
There are some restricted zones for moderators in Admin Panel, and only admins can reach them, BUT if you have the full URL you can enter them:
In this community I’m a moderator, but as you can see I can edit anything if I have the URL
Please, fix the issue
EDIT: It seems that the issue only affects to customize section, and only to some tabs