Lucene search
K

280 matches found

NVD
NVD
added 3 days ago3 views

CVE-2026-57420

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Netrr Author Box WP Lens author-box-for-divi allows Stored XSS.This issue affects Author Box WP Lens: from n/a through = 2.1.5...

6.5CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added last week9 views

CVE-2026-4275

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS0.00187EPSS
Exploits0References8
CVE
CVE
added last week13 views

CVE-2026-4275

CVE-2026-4275 affects the Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress up to version 4.2.3. The vulnerability is a Cross-Site Request Forgery (CSRF) flaw arising from using __return_true as the permission_callback for the /install_plugin and /activate_plugin REST...

8.8CVSS5.9AI score0.00187EPSS
Exploits0References8
Cvelist
Cvelist
added last week30 views

CVE-2026-4275 Divi Torque Lite <= 4.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Installation via 'install_plugin' REST Endpoint

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS0.00187EPSS
Exploits0References8
EUVD
EUVD
added last week7 views

EUVD-2026-42563

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS5.9AI score0.00187EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-4275

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS5.9AI score0.00187EPSS
Exploits0References9
NVD
NVD
added 2026/07/09 6:16 a.m.16 views

CVE-2026-5523

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS0.00309EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/09 4:32 a.m.31 views

CVE-2026-5523 Divi Form Builder <= 5.1.8 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via User Profile Update Form

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS0.00309EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/09 4:32 a.m.7 views

EUVD-2026-42506

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References2
CVE
CVE
added 2026/07/09 4:32 a.m.24 views

CVE-2026-5523

The CVE describes a privilege-escalation flaw in the Divi Form Builder plugin for WordPress (versions up to and including 5.1.8). The root cause is missing authorization checks: update_user() accepts a user ID from form submissions without validating the editor’s permission for that target user, ...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/09 4:32 a.m.10 views

CVE-2026-5523

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 1:17 p.m.12 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS0.00542EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 12:34 p.m.37 views

CVE-2026-5524 Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS0.00542EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 12:34 p.m.8 views

EUVD-2026-41368

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS6AI score0.00542EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:34 p.m.9 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS6AI score0.00542EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 12:34 p.m.27 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress (versions up to and including 5.1.8) is vulnerable to Unauthenticated Arbitrary File Upload leading to Remote Code Execution. The root cause is insufficient file extension validation in the do_image_upload() function where user-supplied input from accept...

9.8CVSS6AI score0.00542EPSS
In wildExploits0References2
Patchstack
Patchstack
added 2026/07/02 6:56 a.m.11 views

WordPress Divi Form Builder plugin <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution vulnerability

Unauthenticated Arbitrary File Upload Leading to Remote Code Execution vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Divi Form Builder versions = 5.1.8...

9.8CVSS5.9AI score0.00542EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.12 views

EUVD-2026-36978

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

8.6CVSS5.3AI score0.00442EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-40769

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

8.6CVSS0.00442EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.31 views

CVE-2026-40769 WordPress Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field plugin <= 1.0.6 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

8.6CVSS0.00442EPSS
Exploits0References1
Rows per page
Query Builder