Lucene search
K

23 matches found

NVD
NVD
added 11 hours ago11 views

CVE-2026-5523

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 12 hours ago3 views

CVE-2026-5523

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score
Exploits0References3
Cvelist
Cvelist
added 12 hours ago5 views

CVE-2026-5523 Divi Form Builder <= 5.1.8 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via User Profile Update Form

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS
Exploits0References2
CVE
CVE
added 12 hours ago11 views

CVE-2026-5523

The CVE describes a privilege-escalation flaw in the Divi Form Builder plugin for WordPress (versions up to and including 5.1.8). The root cause is missing authorization checks: update_user() accepts a user ID from form submissions without validating the editor’s permission for that target user, ...

8.8CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 12 hours ago5 views

EUVD-2026-42506

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2026/07/02 1:17 p.m.10 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS0.00542EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 12:34 p.m.7 views

EUVD-2026-41368

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS6AI score0.00542EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 12:34 p.m.34 views

CVE-2026-5524 Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS0.00542EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 12:34 p.m.18 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress (versions up to and including 5.1.8) is vulnerable to Unauthenticated Arbitrary File Upload leading to Remote Code Execution. The root cause is insufficient file extension validation in the do_image_upload() function where user-supplied input from accept...

9.8CVSS6AI score0.00542EPSS
In wildExploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:34 p.m.8 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS6AI score0.00542EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/07/02 6:56 a.m.10 views

WordPress Divi Form Builder plugin <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution vulnerability

Unauthenticated Arbitrary File Upload Leading to Remote Code Execution vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Divi Form Builder versions = 5.1.8...

9.8CVSS5.9AI score0.00542EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5118

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...

9.8CVSS5.5AI score0.00487EPSS
Exploits4References1
GithubExploit
GithubExploit
added 2026/05/22 7:53 a.m.100 views

Exploit for CVE-2026-5118

CVE-2026-5118 — Divi Form Builder roles && !isset$rolesobj-...

9.8CVSS5.8AI score0.00487EPSS
Exploits4
GithubExploit
GithubExploit
added 2026/05/21 10:45 p.m.109 views

Exploit for CVE-2026-5118

Divi Form Builder ⚠️ WARNING: This tool is for authorized p...

9.8CVSS5.9AI score0.00487EPSS
Exploits4
NVD
NVD
added 2026/05/21 1:16 p.m.21 views

CVE-2026-5118

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...

9.8CVSS0.00487EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 11:32 a.m.11 views

CVE-2026-5118

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...

9.8CVSS5.8AI score0.00487EPSS
Exploits4References3
EUVD
EUVD
added 2026/05/21 11:32 a.m.12 views

EUVD-2026-31270

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...

9.8CVSS5.8AI score0.00487EPSS
Exploits4References2
CVE
CVE
added 2026/05/21 11:32 a.m.32 views

CVE-2026-5118

CVE-2026-5118 affects Divi Form Builder for WordPress (

9.8CVSS5.8AI score0.00487EPSS
Exploits4References2
Cvelist
Cvelist
added 2026/05/21 11:32 a.m.40 views

CVE-2026-5118 Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...

9.8CVSS0.00487EPSS
Exploits4References2
GithubExploit
GithubExploit
added 2026/05/21 10:12 a.m.117 views

Exploit for CVE-2026-5118

🔥 CVE-2026-5118 Divi Form Builder --- 🎯 Ring...

5.8AI score0.00487EPSS
Exploits4
Rows per page
Query Builder