Arbitrary File Upload Vulnerability in Divi Builder Plugin and Themes

Arbitrary File Upload Vulnerability in Divi Builder Plugin and Themes

CVE-2020-35945 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.

Learn more about our Wordpress Pen Testing.