Hi Team,
I would like to know if there's some misconfiguration at my end or is it an actual security flaw - but would it be right to write the entire test case here in a public post?
The flaw that I found was when someone filled in the the Shortcode Form generated by WP-CRM (may be using CF7, I don't know) allows for updation of data of other users (e.g. First Name, Last Name, Phone Number) without valid authorization.