VYPR
Critical severity9.9NVD Advisory· Published Jan 1, 2021· Updated Jun 17, 2026

CVE-2020-35945

CVE-2020-35945

Description

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.

Affected products

4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.