Improper Access Control
ghost and @tryghost/portal is vulnerable for Improper Access Control. The vulnerability is due to missing authentication checks on certain endpoints used for member actions, allowing attackers to perform member-only actions and read member information without proper authorization...