CVE-2026-5523 Divi Form Builder <= 5.1.8 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via User Profile Update Form
The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...