Divi

Divi

Vulnerabilities:

9

Last Updated:

February 27, 2026

Active Installs:

n/a

Published
Title
Fixed in
CVSS
Published
2025-07-02
Title
Magnific Popups JavaScript Library < 1.2.0 - Contributor+ Stored XSS
Fixed in
Fixed in 4.27.2
CVSS
5.9 (medium)
Published
2024-06-17
Title
Divi < 4.25.2 - Contributor+ Stored XSS
Fixed in
Fixed in 4.25.2
CVSS
5.9 (medium)
Published
2024-05-09
Title
Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Fixed in
Fixed in 4.25.1
CVSS
6.4 (medium)
Published
2023-12-22
Title
Divi < 4.23.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Fixed in
Fixed in 4.23.2
CVSS
6.4 (medium)
Published
2023-05-09
Title
Divi < 4.20.3 - Contributor+ Stored XSS
Fixed in
Fixed in 4.20.3
CVSS
5.9 (medium)
Published
2020-08-03
Title
Elegant Themes (Divi 3.0 - 4.5.2, Extra 2.0 - 4.5.2, Divi Builder 2.0 - 4.5.2) - Authenticated Arbitrary File Upload
Fixed in
Fixed in 4.5.3
CVSS
5.4 (medium)
Published
2020-01-02
Title
ElegantThemes (Divi, Extra, divi-builder < 4.0.10) - Authenticated Code Injection
Fixed in
Fixed in 4.0.10
CVSS
4.7 (medium)
Published
2018-10-30
Title
ElegantThemes (Divi, Extra, divi-builder) - Authenticated Stored Cross-Site Scripting (XSS)
Fixed in
Fixed in 3.17.3
CVSS
5.4 (medium)
Published
2016-02-18
Title
ElegantThemes - Privilege Escalation
Fixed in
Fixed in 2.6.4
CVSS
7.6 (high)