An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the clien...
9.9CVSS
8.7AI Score
0.002EPSS
The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the βtitleβ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This makes it possible for au...
6.4CVSS
5.8AI Score
0.001EPSS