ghost is vulnerable to improper access control. An unprivileged member has the ability to view and change unintended newsletter settings due to improper validation for nested objects in `Memebers` API.Read More