Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.