WPScan

WordPress Plugin Vulnerabilities

ElegantThemes (Divi, Extra, divi-builder < 4.0.10) - Authenticated Code Injection

Description

"A code injection vulnerability was discovered by our team during a routine code audit that could allow logged in contributors, authors and editors to execute a small set of PHP functions."

Affected:
Divi version 3.23 and above
Extra version 2.23 and above
Divi Builder version 2.23 and above

Product versions 4.0.10 include the security patch.

Affects Plugins

divi-builder: Fixed in version 4.0.10

Affects Themes

Divi: Fixed in version 4.0.10
Extra: Fixed in version 4.0.10
divi: Fixed in version 4.0.10

References

URL: https://us7.campaign-archive.com/?u=9ae7aa91c578052b052b864d6&id=e3532c8cb1
URL: https://www.elegantthemes.com/api/changelog/divi-builder.txt
URL: https://www.elegantthemes.com/api/changelog/divi.txt
URL: https://www.elegantthemes.com/api/changelog/extra.txt

Classification

Type: RCE
OWASP top 10: A1: Injection
CWE: CWE-94

Miscellaneous

Verified: No
WPVDB ID: fddc2746-0e65-4a58-85d1-3d4ce20a1739

Timeline

Publicly Published: 2020-01-02 (about 2 years ago)
Added: 2020-01-03 (about 2 years ago)
Last Updated: 2020-11-26 (about 1 year ago)
