Themes Vulnerabilities

Divi < 4.20.3 - Contributor+ Stored XSS

Description

The theme does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Themes

Divi
Fixed in 4.20.3

References

CVE
CVE-2023-29099

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
f8b5a18e-b72f-4da0-94a8-3ae83d686d8a

Timeline

Publicly Published
2023-05-09 (about 2 years ago)
Added
2023-08-09 (about 2 years ago)
Last Updated
2023-08-09 (about 2 years ago)

Other

Published
Title
Published
2025-02-23
Title
Wired Impact Volunteer Management < 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-10-16
Title
Ninja Forms < 3.6.34 - Admin+ Stored XSS
Published
2016-05-28
Title
Gallery - Video Gallery <= 1.7.01 - Stored Cross-Site Scripting (XSS)
Published
2025-11-09
Title
Travelers' Map < 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-11-17
Title
Ultimate Tables <= 1.6.5 - Reflected Cross-Site Scripting