WordPress Plugin Vulnerabilities
Elegant Themes (Divi 3.0 - 4.5.2, Extra 2.0 - 4.5.2, Divi Builder 2.0 - 4.5.2) - Authenticated Arbitrary File Upload
Description
This flaw gave authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.
Proof of Concept
Affects Plugins
Fixed in 4.5.3 Affects Themes
References
Classification
Type
RCE
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Chloe Chamberland
Submitter
Chloe Chamberland
Submitter website
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2020-08-03 (about 5 years ago)
Added
2020-08-04 (about 5 years ago)
Last Updated
2021-01-02 (about 5 years ago)
WPScan 