Impact
Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission.
Patches
2.2.21, 3.1.26
Workarounds
Block unauthenticated access to actions/formie/submissions/save-submission, or disable/customize front-end submission editing until patched.
Credit
Many thanks to:
Impact
Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to
formie/submissions/save-submission.Patches
2.2.21, 3.1.26
Workarounds
Block unauthenticated access to
actions/formie/submissions/save-submission, or disable/customize front-end submission editing until patched.Credit
Many thanks to: