Medium · CVSS 4.6 · Insecure Direct Object Reference (IDOR) (CWE-639)

Disclose Hidden Comments on Media Section of hub.vroid.com

Vulnerability Summary

HackerOne disclosed report --> https://hackerone.com/reports/2541962 by giwadaoud

I discovered a vulnerability related to hidden comments in the Media section on https://hub.vroid.com. Initially, a user allowed comments on their media post but later disabled them, making all comments invisible to everyone except the admin. However, by intercepting a request where a user can like any comment with a specific ID, I found that it is possible to like hidden comments by inputting their IDs. The response from the server not only confirms the like action but also reveals the content of the hidden comment, which should only be visible to the original poster of this media. This vulnerability in the endpoint allows unauthorized disclosure of hidden comments on any posts in the Media section.
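The two defects described above, a like endpoint that trusts a client-supplied comment ID without checking the parent post's comment visibility, and a response that echoes the comment body back, shown side by side with a hardened version. This is an added illustration, not hub.vroid.com's code; the in-memory model, function names and sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the media/comment store (assumption, not the real schema).
@dataclass
class Comment:
    id: int
    media_id: int
    author_id: int
    body: str
    likes: set = field(default_factory=set)

@dataclass
class Media:
    id: int
    owner_id: int
    comments_enabled: bool   # owner switched comments off -> comments hidden

MEDIA = {
    1: Media(id=1, owner_id=10, comments_enabled=False),  # comments later disabled
    2: Media(id=2, owner_id=20, comments_enabled=True),
}
COMMENTS = {
    501: Comment(id=501, media_id=1, author_id=11, body="hidden remark"),
    502: Comment(id=502, media_id=2, author_id=21, body="public remark"),
}

def like_comment_vulnerable(user_id: int, comment_id: int) -> dict:
    # Looks the comment up by the client-supplied id, never consults the parent
    # media's visibility, and re-serves the body: the IDOR from the report.
    c = COMMENTS[comment_id]
    c.likes.add(user_id)
    return {"ok": True, "comment": {"id": c.id, "body": c.body}}

def comment_visible_to(user_id: int, c: Comment) -> bool:
    # Object-level authorization: hidden comments are visible only to the
    # media owner (the report says the admin too; that role is omitted here).
    m = MEDIA[c.media_id]
    return m.comments_enabled or user_id == m.owner_id

def like_comment_fixed(user_id: int, comment_id: int) -> dict:
    c = COMMENTS.get(comment_id)
    # Being logged in is not enough; the check is on the specific object, and
    # an unauthorized id gets the same answer as a nonexistent one.
    if c is None or not comment_visible_to(user_id, c):
        return {"ok": False, "error": "not_found"}
    c.likes.add(user_id)
    # Minimal response: confirm the action, never echo the comment content.
    return {"ok": True, "comment_id": c.id, "likes": len(c.likes)}
```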
