Ghost's improper authentication allows access to member information and actions
Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information.
Advisories for Npm/@Tryghost/Portal package
2024