Server-Side Request Forgery (SSRF)
Plone allows SSRF attacks via the tracebacks feature (only available to the Manager role).
Plone allows SSRF attacks via the tracebacks feature (only available to the Manager role).
Plone allows XXE attacks via a feature that is explicitly only available to the Manager role.
Plone allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).