CVE-2026-1829

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2026-1829 Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2026-1829 Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

EUVD-2026-33993

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2026-1829

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2026-1829

CVE-2026-1829 affects the WordPress plugin Content Visibility for Divi Builder. The NVD/NVD-derived records indicate a Remote Code Execution vulnerability in all versions up to and including 4.02, exploitable via the et_pb_text shortcode parameter cvdb_content_visibility_check. The root cause is ...

PT-2026-26574

Name of the Vulnerable Software and Affected Versions Content Visibility for Divi Builder version 4.01 Description A contributor-controlled expression reaches the eval function through real feature paths. More than 2,000 active installations are reported. Recommendations At the moment, there is n...

WordPress DiviTorque plugin <= 4.0.5 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin DiviTorque – Divi Theme, Divi Builder and Extra Theme versions = 4.0.5...

WordPress Divi Builder plugin <= 4.27.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Divi Builder versions = 4.27.1...

EUVD-2020-23528

Malware in sbrugna...

CVE-2024-5501

The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttononeid’ parameter in all versions up to, and including, 2.5.51 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2020-35945

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the...

WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)

Software DiviTorque – Divi Theme, Divi Builder and Extra Theme Type Plugin Vulnerable versions = 3.6.6 Fixed in 4.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5892 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

CVE-2024-5501

The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttononeid’ parameter in all versions up to, and including, 2.5.51 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress Divi Builder plugin <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Divi Builder versions = 4.25.0...

WordPress Divi Builder Plugin <= 4.25.0 is vulnerable to Cross Site Scripting (XSS)

Software Divi Builder Type Plugin Vulnerable versions = 4.25.0 Fixed in 4.25.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4490 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b9e2bbfe1f2c Credits Webbernaut Required...

PT-2024-30506 · Unknown +1 · Divi Builder +4

Name of the Vulnerable Software and Affected Versions: The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress versions up to, and including, 2.5.3 Description: The issue is related to DOM-Based Cross-Site Scripting due to insufficient input sanitization and outpu...

WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin <= 3.4.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin versions = 3.4.3. Solution Update the WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin to the latest available version at least 3.5.0...

WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin <= 3.4.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin versions = 3.4.3. Solution Update the WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin to the latest available version...

CVE-2020-35945

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the...