Information Disclosure and Privilege Escalation in app.goodhire.com/member/developers/api-settings
High
Inflection
Team Summary
Official summary from Inflection
Researcher reported a missing authorization check when purchasing a report. As a result, any valid user with ordering privileges could place an order on behalf of any other account (although they would not be able to receive the results of the order). We added an authorization check to ensure that users can only place orders for their own account.
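The gap the summary describes is an object-level authorization failure: the order endpoint trusted an account identifier supplied by the caller. As an added illustration (not GoodHire's or Inflection's code; the handler names, the session object and the in-memory order store are all assumed), here is the missing check beside the corrected form:

```python
"""Constructed illustration of a missing object-level authorization check on an
order endpoint. Names, the session model and the store are assumptions, not the
vendor's code."""
from dataclasses import dataclass, field


class AuthorizationError(Exception):
    """Raised when the caller is not allowed to act on the requested account."""


@dataclass
class Session:
    user_id: str
    account_id: str   # account the authenticated user belongs to
    can_order: bool   # the "ordering privileges" mentioned in the summary


@dataclass
class OrderStore:
    orders: list = field(default_factory=list)   # (account_id, report_type)


def place_order_vulnerable(session, request_json, store):
    """Before: only the role is checked; the account to bill is taken from the
    request body, so any user with ordering rights can order for any account."""
    if not session.can_order:
        raise AuthorizationError("user lacks ordering privileges")
    account_id = request_json["account_id"]        # caller-controlled value
    store.orders.append((account_id, request_json["report_type"]))
    return account_id


def place_order_fixed(session, request_json, store):
    """After: the order is bound to the session's own account, and naming any
    other account is rejected before anything is written."""
    if not session.can_order:
        raise AuthorizationError("user lacks ordering privileges")
    requested = request_json.get("account_id", session.account_id)
    if requested != session.account_id:
        raise AuthorizationError("cannot order on behalf of another account")
    store.orders.append((session.account_id, request_json["report_type"]))
    return session.account_id


def is_rejected(handler, session, request_json, store):
    """True when the handler refuses the request with AuthorizationError."""
    try:
        handler(session, request_json, store)
    except AuthorizationError:
        return True
    return False
```

The same check belongs on every object identifier a request carries (order ids when fetching results, for example), not only on the account at purchase time.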
Reported by
hackedbrain
Report Details
State
Closed
Substate
Resolved
Weakness
Information Disclosure