ApiRemoveClaims currently modifies and saves entity data directly, without any checks. It should use EditEntity to perform token and permission checks. It should also implement isWriteMode(), needsToken(), and mustBePosted() to return true.
Version: unspecified
Severity: critical