285 matches found
WordPress RW Divi Unite Gallery plugin <= 1.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress RW Divi Unite Gallery plugin versions = 1.0. Solution No patched version available...
WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin <= 3.4.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin versions = 3.4.3. Solution Update the WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin to the latest available version at least 3.5.0...
WordPress Image Carousel For Divi plugin <= 1.4.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Image Carousel For Divi plugin versions = 1.4.0. Solution Update the WordPress Image Carousel For Divi plugin to the latest available version at least 1.5.0...
WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin <= 3.4.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin versions = 3.4.3. Solution Update the WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin to the latest available version...
WordPress Ultimate Carousel For Divi plugin <= 4.3.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Ultimate Carousel For Divi plugin versions = 4.3.0. Solution Update the WordPress Ultimate Carousel For Divi plugin to the latest available version at least 4.3.1...
WordPress Preloader for Divi plugin <= 1.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Preloader for Divi plugin versions = 1.4. Solution No patched version available...
WordPress Divi Collage plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Divi Collage plugin versions = 1.0.0. Solution Update the WordPress Divi Collage plugin to the latest available version at least 1.0.1...
WordPress RW Divi Unite Gallery plugin <= 1.0 - Security Bypass vulnerability via Outdated Freemius
Security Bypass vulnerability via Outdated Freemius discovered by 0xdecafbad in WordPress RW Divi Unite Gallery plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of January 24, 2022 and is not available for download. This closure is temporary, pending a full...
RW Divi Unite Gallery <= 1.0 - Security Bypass via Outdated Freemius
The plugin is vulnerable to a security bypass due to the use of a known vulnerable component, Freemius 2.2.4. The plugin uses Freemius 1.0.0 and is therefore vulnerable. The core issue that causes the vulnerability is in the setdboption function, which is exposed to any authenticated user with no...
CVE-2020-35945
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the...
CVE-2020-35945
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the...
Design/Logic Flaw
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the...
CVE-2020-35945
CVE-2020-35945 affects WordPress environments using the Divi Builder plugin, Divi theme, and Divi Extra theme prior to 4.5.3. The vulnerability allows authenticated attackers with contributor-level or higher privileges to upload arbitrary files, including PHP, because the extension check is perfo...
PT-2021-11877
Name of the Vulnerable Software and Affected Versions: Divi Builder plugin versions prior to 4.5.3 Divi theme versions prior to 4.5.3 Divi Extra theme versions prior to 4.5.3 Description: An issue allows authenticated attackers with contributor-level or above capabilities to upload arbitrary file...
WordPress Elegant Themes Divi Theme 3.0 <= 4.5.2 Authenticated Arbitrary File Upload Vulnerability
The WordPress theme Divi by Elegant Themes is prone to an authenticated arbitrary file upload vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Elegant Themes (Divi 3.0 - 4.5.2, Extra 2.0 - 4.5.2, Divi Builder 2.0 - 4.5.2) - Authenticated Arbitrary File Upload
Description This flaw gave authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. Usage: php poc.php url username password filetoupload Once the file is...
VulnCheck KEV: CVE-2020-35945
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the...
WordPress Divi Builder plugin <= 4.5.2 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Divi Builder plugin versions = 4.5.2. Solution Update the WordPress Divi Builder plugin to the latest available version at least 4.5.3...
Elegant Themes (Divi 3.0 - 4.5.2, Extra 2.0 - 4.5.2, Divi Builder 2.0 - 4.5.2) - Authenticated Arbitrary File Upload
Description This flaw gave authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. PoC Usage: php poc.php url username password filetoupload Once the file is...
WordPress Divi premium theme <= 4.5.2 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Divi premium theme versions = 4.5.2. Solution Update the WordPress Divi premium theme to the latest available version at least 4.5.3...