Elegant Themes Divi vulnerabilities
5 known vulnerabilities affecting elegant_themes/divi.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 5
Vulnerabilities
CVE-2024-4490 | P4 | MEDIUM | CVSS 6.4 | CWE-79 | ≤ 4.25.0 | 2024-05-14
The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissio
nvd
CVE-2024-5647 | P4 | MEDIUM | CVSS 6.4 | CWE-79 | ≤ 4.27.1 | 2025-07-03
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a
nvd
CVE-2023-29099 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ n/a, ≤ 4.20.2 | 2023-08-08
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions.
nvd
CVE-2023-6744 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 4.23.1 | 2023-12-23
The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inje
nvd
CVE-2024-5533 | P4 | MEDIUM | CVSS 5.4 | CWE-20 | ≤ 4.25.1 | 2024-06-18
The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an
nvd