3 matches found
CVE-2024-5892
CVE-2024-5892 affects Divi Torque Lite – Divi Theme and Extra Theme (WordPress) up to version 3.6.6. The vulnerability is a stored Cross‑Site Scripting (XSS) flaw in the SVG/filtered file upload path via the function support_unfiltered_files_upload, exploitable by authenticated users with Author ...
CVE-2024-5892 Divi Torque Lite – Divi Theme and Extra Theme <= 3.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘supportunfilteredfilesupload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)
Software DiviTorque – Divi Theme, Divi Builder and Extra Theme Type Plugin Vulnerable versions = 3.6.6 Fixed in 4.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5892 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...