WordPress DiviTorque plugin <= 4.0.5 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin DiviTorque – Divi Theme, Divi Builder and Extra Theme versions = 4.0.5...

EUVD-2016-1993

Malware in sbrugna...

EUVD-2024-44104

Malicious code in bioql PyPI...

CVE-2024-4490

The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-5501

The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttononeid’ parameter in all versions up to, and including, 2.5.51 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2016-11002

The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation...

WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)

Software DiviTorque – Divi Theme, Divi Builder and Extra Theme Type Plugin Vulnerable versions = 3.6.6 Fixed in 4.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5892 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

CVE-2024-5501

The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttononeid’ parameter in all versions up to, and including, 2.5.51 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress Themes 安全漏洞

WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Themes that stems from insufficient cleaning o...

CVE-2024-4490 Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress Extra theme <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Theme Extra versions = 4.25.0...

WordPress Extra Theme <= 4.25.0 is vulnerable to Cross Site Scripting (XSS)

Software Extra Type Theme Vulnerable versions = 4.25.0 Fixed in 4.25.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4490 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bcfad4f5bb49 Credits Webbernaut Required privilege...

WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin <= 3.4.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin versions = 3.4.3. Solution Update the WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin to the latest available version at least 3.5.0...

WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin <= 3.4.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin versions = 3.4.3. Solution Update the WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin to the latest available version...

Design/Logic Flaw

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the...

CVE-2020-35945

CVE-2020-35945 affects WordPress environments using the Divi Builder plugin, Divi theme, and Divi Extra theme prior to 4.5.3. The vulnerability allows authenticated attackers with contributor-level or higher privileges to upload arbitrary files, including PHP, because the extension check is perfo...

PT-2021-11877

Name of the Vulnerable Software and Affected Versions: Divi Builder plugin versions prior to 4.5.3 Divi theme versions prior to 4.5.3 Divi Extra theme versions prior to 4.5.3 Description: An issue allows authenticated attackers with contributor-level or above capabilities to upload arbitrary file...

WordPress Elegant Themes Extra Theme 2.0 <= 4.5.2 Authenticated Arbitrary File Upload Vulnerability

The WordPress theme Extra by Elegant Themes is prone to an authenticated arbitrary file upload vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier...

VulnCheck KEV: CVE-2020-35945

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the...

CVE-2016-11002

The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation...