Hi,

I’m using the Voxel theme and I noticed something with the frontend post editing.

When a user with the Subscriber role edits their own post, the edit page uses a URL like:

/create-werkstatt/?post_id=294

The problem is that a subscriber can manually change the post_id in the URL and then access the edit page of another user’s post.

Is there a way to limit editing to only the post owner, or to disable editing via URL manipulation?

Maybe I’m missing a setting — how should this be handled correctly?

Thanks!