CVE-2024-1387

Name of the Vulnerable Software and Affected Versions The Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.4

Description The issue is related to insufficient authorization on the duplicate thing() function, allowing attackers with contributor-level access and above to clone arbitrary posts, including private and password-protected ones, which may lead to information exposure.

Recommendations For versions up to, and including, 3.10.4, update to a version higher than 3.10.4 to resolve the issue. As a temporary workaround, consider disabling the duplicate thing() function until a patch is available.