Description The Element Pack Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘bdt_duplicate_as_draft’ function in versions up to, and including, 5.4.11. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate other user’s posts and set their user as the author of the duplicated post.