
UpHunt Bug/Report

I have spotted two big security bugs on Uphunt out of the box.

  1. Any user can edit a collection's title, description and/or cover picture, even if they are not logged in.

  2. Visiting the dashboard reveals all user sensitive data, even if they are not logged in.

Hello @ben8

Thank you for reaching out.

At the moment, a user that is not logged in can’t access the dashboard or edit the collection's information. In case it is different on your side, please can you provide a video recording showing the issue? It will help us to understand the issue a bit better and solve it asap.

The current demo page dashboard contains only test data and does not contain any private/sensitive user data. It is made for demonstration purposes, to let all of our users see the dashboard page. After the purchase, the user can/should restrict access to it.

Please let me know if you have any other questions.

Have a great day :slight_smile:

Thank you for replying back so quickly.
I have a live site up for experimentation and followed the documentation to remove the demo data.

I opened a privacy browser, so the user was not logged in, and when going to www.domain.com/dashboard they were able to view all the users, just not edit it.

The edit button appears to all users (even non-logged-in ones) on the collection page and it autobinds the changes. The quick fix for this was to add a condition so it wasn’t visible if the current user isn’t logged in.

Yes, adding conditions can help fix this issue. In case you have any other questions or issues, please let me know :slight_smile:

Take care
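
As an added example, not part of the thread and not UpHunt's own logic: a plain JavaScript model of the two reports above, keeping the edit button's visibility condition separate from a check on the write path and on the dashboard data. All names, the session shape and the sample records are constructed for illustration, and the rule that a user sees only their own dashboard record is an assumption.

```javascript
// Constructed sample data: one collection owned by user "u1", two users.
const collections = new Map([
  ["c1", { owner: "u1", title: "Launch tools", description: "Original" }],
]);
const users = [
  { id: "u1", name: "Alice", email: "alice@example.test" },
  { id: "u2", name: "Bob", email: "bob@example.test" },
];
const EDITABLE_FIELDS = ["title", "description", "cover"];

// The visibility condition from the thread: render the edit button only
// for a logged-in session. This decides what is drawn, not what is written.
function editButtonVisible(session) {
  return session !== null;
}

// Write path with no check of its own: any caller that reaches it
// changes the record, whether or not a button was ever shown.
function updateCollectionUnchecked(id, changes) {
  Object.assign(collections.get(id), changes);
  return { status: 200 };
}

// Write path that enforces the rule itself: the caller must be logged in
// and must own the collection, and only the editable fields are accepted.
function updateCollection(session, id, changes) {
  const collection = collections.get(id);
  if (!collection) return { status: 404 };
  if (!session) return { status: 401 };
  if (collection.owner !== session.userId) return { status: 403 };
  for (const field of EDITABLE_FIELDS) {
    if (field in changes) collection[field] = changes[field];
  }
  return { status: 200 };
}

// Dashboard data: nothing for an anonymous visitor; a logged-in user
// gets only their own record (assumed rule, see lead-in).
function dashboardUsers(session) {
  if (!session) return { status: 401, users: [] };
  return { status: 200, users: users.filter((u) => u.id === session.userId) };
}
```
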