An issue exists in the Divi Builder plugin, Divi theme, and Divi Extra theme prior to 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
elegant themes divi |
||
elegant themes divi builder |
||
elegant themes divi extra |