Lucene search
+L

285 matches found

Patchstack
Patchstack
added 2022/02/28 12:0 a.m.12 views

WordPress RW Divi Unite Gallery plugin <= 1.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress RW Divi Unite Gallery plugin versions = 1.0. Solution No patched version available...

2.6AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.15 views

WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin <= 3.4.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin versions = 3.4.3. Solution Update the WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin to the latest available version at least 3.5.0...

2.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.14 views

WordPress Image Carousel For Divi plugin <= 1.4.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Image Carousel For Divi plugin versions = 1.4.0. Solution Update the WordPress Image Carousel For Divi plugin to the latest available version at least 1.5.0...

2.6AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.16 views

WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin <= 3.4.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin versions = 3.4.3. Solution Update the WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin to the latest available version...

4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.18 views

WordPress Ultimate Carousel For Divi plugin <= 4.3.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Ultimate Carousel For Divi plugin versions = 4.3.0. Solution Update the WordPress Ultimate Carousel For Divi plugin to the latest available version at least 4.3.1...

3.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.6 views

WordPress Preloader for Divi plugin <= 1.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Preloader for Divi plugin versions = 1.4. Solution No patched version available...

4.4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.10 views

WordPress Divi Collage plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Divi Collage plugin versions = 1.0.0. Solution Update the WordPress Divi Collage plugin to the latest available version at least 1.0.1...

2.4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/23 12:0 a.m.8 views

WordPress RW Divi Unite Gallery plugin <= 1.0 - Security Bypass vulnerability via Outdated Freemius

Security Bypass vulnerability via Outdated Freemius discovered by 0xdecafbad in WordPress RW Divi Unite Gallery plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of January 24, 2022 and is not available for download. This closure is temporary, pending a full...

3.8AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/22 12:0 a.m.10 views

RW Divi Unite Gallery <= 1.0 - Security Bypass via Outdated Freemius

The plugin is vulnerable to a security bypass due to the use of a known vulnerable component, Freemius 2.2.4. The plugin uses Freemius 1.0.0 and is therefore vulnerable. The core issue that causes the vulnerability is in the setdboption function, which is exposed to any authenticated user with no...

1.6AI score
Exploits0References1Affected Software1
NVD
NVD
added 2021/01/01 4:15 a.m.22 views

CVE-2020-35945

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the...

9.9CVSS9.6AI score0.02422EPSS
Exploits2References2
OSV
OSV
added 2021/01/01 4:15 a.m.7 views

CVE-2020-35945

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the...

8.8CVSS7.4AI score0.02422EPSS
Exploits2References2
Prion
Prion
added 2021/01/01 4:15 a.m.15 views

Design/Logic Flaw

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the...

6.5CVSS8.7AI score0.02422EPSS
Exploits2References2Affected Software3
CVE
CVE
added 2021/01/01 3:28 a.m.116 views

CVE-2020-35945

CVE-2020-35945 affects WordPress environments using the Divi Builder plugin, Divi theme, and Divi Extra theme prior to 4.5.3. The vulnerability allows authenticated attackers with contributor-level or higher privileges to upload arbitrary files, including PHP, because the extension check is perfo...

9.9CVSS8.7AI score0.02422EPSS
Exploits2References2Affected Software3
Positive Technologies
Positive Technologies
added 2021/01/01 12:0 a.m.7 views

PT-2021-11877

Name of the Vulnerable Software and Affected Versions: Divi Builder plugin versions prior to 4.5.3 Divi theme versions prior to 4.5.3 Divi Extra theme versions prior to 4.5.3 Description: An issue allows authenticated attackers with contributor-level or above capabilities to upload arbitrary file...

9.9CVSS8AI score0.02422EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2020/08/06 12:0 a.m.20 views

WordPress Elegant Themes Divi Theme 3.0 <= 4.5.2 Authenticated Arbitrary File Upload Vulnerability

The WordPress theme Divi by Elegant Themes is prone to an authenticated arbitrary file upload vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

9.9CVSS8.8AI score0.02422EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/08/04 12:0 a.m.113 views

Elegant Themes (Divi 3.0 - 4.5.2, Extra 2.0 - 4.5.2, Divi Builder 2.0 - 4.5.2) - Authenticated Arbitrary File Upload

Description This flaw gave authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. Usage: php poc.php url username password filetoupload Once the file is...

9.9CVSS9.4AI score0.02422EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2020/08/04 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-35945

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the...

9.9CVSS7.4AI score0.02422EPSS
Exploits2References1
Patchstack
Patchstack
added 2020/08/04 12:0 a.m.21 views

WordPress Divi Builder plugin <= 4.5.2 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Divi Builder plugin versions = 4.5.2. Solution Update the WordPress Divi Builder plugin to the latest available version at least 4.5.3...

9.9CVSS3.4AI score0.02422EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2020/08/04 12:0 a.m.55 views

Elegant Themes (Divi 3.0 - 4.5.2, Extra 2.0 - 4.5.2, Divi Builder 2.0 - 4.5.2) - Authenticated Arbitrary File Upload

Description This flaw gave authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. PoC Usage: php poc.php url username password filetoupload Once the file is...

9.9CVSS9.3AI score0.02422EPSS
Exploits2References2
Patchstack
Patchstack
added 2020/08/04 12:0 a.m.49 views

WordPress Divi premium theme <= 4.5.2 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Divi premium theme versions = 4.5.2. Solution Update the WordPress Divi premium theme to the latest available version at least 4.5.3...

9.9CVSS3.3AI score0.02422EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder