4 matches found
ElegantThemes (Divi, Extra, divi-builder < 4.0.10) - Authenticated Code Injection
Description: "A code injection vulnerability was discovered by our team during a routine code audit that could allow logged-in contributors, authors and editors to execute a small set of PHP functions." Affected: Divi version 3.23 and above, Extra 2.23 and above, Divi Builder version 2.23 and above...
ElegantThemes (Divi, Extra, divi-builder) - Authenticated Stored Cross-Site Scripting (XSS)
Description: A privilege escalation vulnerability was discovered that could allow low-level users, such as Authors, to use unfiltered HTML inside of post content when using the Divi Builder. Using such code in posts is typically reserved for admins...
ElegantThemes - Privilege Escalation
Description: An information disclosure vulnerability was found in the Divi Builder included in our Divi and Extra themes, as well as our Divi Builder plugin, which resulted in the potential for user privilege escalation. If properly exploited, it could allow registered users, regardless of role, on...
WordPress Elegance Local File Disclosure
Post: Local File Disclosure in WordPress theme Elegance + Date: 07/06/2014 + CWE Number: CWE-98 + Risk: High + Author: Felipe Andrian Peixoto + Dork: inurl:"/wp-content/themes/elegance/" + Vendor Homepage: http://www.elegantthemes.com/ + Contact: [email protected] + Tested on: Windows 7 and...