CVSS: 6.4EPSS: 0%CPEs: 14EXPL: 0CVE-2024-5647 – Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library
https://notcve.org/view.php?id=CVE-2024-5647
02 Jul 2025 — Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was fixed in the upstream library (Magnifi... • https://www.wordfence.com/threat-intel/vulnerabilities/id/dae80fc2-3076-4a32-876d-5df1c62de9bd?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5533 – Divi <= 4.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-5533
17 Jun 2024 — The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El tema Divi para WordPress es vulnerable a Cross-Site Scripting Almacenado en todas las versiones hasta la 4.25.1 incluida debido a una saniti... • https://www.elegantthemes.com/api/changelog/divi.txt • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-4490 – Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-4490
09 May 2024 — The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Elegant Themes Divi theme, ... • https://www.elegantthemes.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6744 – Divi <= 4.23.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
https://notcve.org/view.php?id=CVE-2023-6744
22 Dec 2023 — The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Divi theme para WordPress es vulnerable a Cross-Site Scripting ... • https://www.elegantthemes.com/api/changelog/divi.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29099 – WordPress Divi Theme <= 4.20.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-29099
09 May 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en las versiones 4.20.2 e inferiores del tema Divi de Elegant themes. Para explotar esta vulnerabilidad hace falta estar autenticado y tener permisos de colaborador o superior. The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.20.2 due to insufficient input sanitization and out... • https://patchstack.com/database/vulnerability/divi/wordpress-divi-theme-4-20-2-contributor-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 2%CPEs: 3EXPL: 2CVE-2020-35945 – Elegant Themes (Multiple Versions) - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2020-35945
03 Aug 2020 — An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side. Se detectó un problema en el plugin Divi Builder, Divi theme y Divi Extra theme versiones anteriores a 4.5.3 para WordPress. Los atacantes autenticados, con capacidades de nivel de colaborador o super... • https://wpscan.com/vulnerability/10342 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19162
https://notcve.org/view.php?id=CVE-2018-19162
05 Nov 2019 — Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. Divi versiones hasta la versión 4.0.5 (una criptomoneda de prueba de apuesta basada en cadena) permite una denegación de servicio remota, explotable por parte de un atacante que adquiere inclusive una pequeña cantidad de monedas de apuesta ... • http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf • CWE-400: Uncontrolled Resource Consumption •