WordPress Plugin Vulnerabilities
ElegantThemes (Divi, Extra, divi-builder) - Authenticated Stored Cross-Site Scripting (XSS)
A privilege escalation vulnerability was discovered that could allow low level users, such as Authors, to use unfiltered HTML inside of post content when using the Divi Builder. Using such code in posts is typically reserved for admins.
Fixed in version 2.17.3
Fixed in version 3.17.3 Fixed in version 2.17.3 Fixed in version 3.17.3
2018-10-30 (about 3 years ago)
2018-10-31 (about 3 years ago)
2020-11-26 (about 1 years ago)