The user is editing the post on the front end.
I am using WP User Frontend to display the posts authored by the user using the dashboard bit of that plugin. I edited the path of the ‘edit button’ so that it opens the custom ACF form I am running for a custom post type. However I am worried that because this is based on the post_id (in the url) that users can simply change the numbers in the url to change any post they like.
Thanks for your help Elliot