Divi CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Elegant Themes Subscriptions

Filtered by product Divi Subscriptions

Search

Switch to Advanced Search (Beta)

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-29099	1 Elegant Themes	1 Divi	2024-11-21	6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions.
CVE-2020-35945	1 Elegant Themes	3 Divi, Divi Builder, Divi Extra	2024-11-21	9.9 Critical
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.
CVE-2015-1579	1 Elegant Themes	1 Divi	2024-11-21	N/A
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.

Page 1 of 1.