VYPR

Divi

by WordPress

CVEs (6)

  • CVE-2020-35945CriJan 1, 2021
    risk 0.65cvss 9.9epss 0.02

    An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file…

  • CVE-2024-5533MedJun 18, 2024
    risk 0.42cvss 6.4epss 0.00

    The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject…

  • CVE-2024-4490MedMay 14, 2024
    risk 0.42cvss 6.4epss 0.01

    The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This…

  • CVE-2023-6744MedDec 23, 2023
    risk 0.42cvss 6.4epss 0.00

    The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible…

  • CVE-2023-29099MedAug 8, 2023
    risk 0.42cvss 6.5epss 0.00

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions.

  • CVE-2015-1579Feb 11, 2015
    risk 0.05cvss epss 0.22

    Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of…