CVE-2020-35945

Basic Information

CVE State
PUBLISHED
Reserved Date
January 01, 2021
Published Date
January 01, 2021
Last Updated
August 04, 2024
Vendor
n/a
Product
n/a
Description
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.
Tags
wordpress php

CVSS Scores

CVSS v3.1

9.9 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v2.0

6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS Score

Score
1.67% (Percentile: 81.08%) as of 2025-05-12

Exploit Status

Exploited in the Wild
Yes (2020-08-04 05:57:42 UTC)

Known Exploited Vulnerability Information

Source
Wordfence
Added Date
2020-08-04 05:57:42 UTC

Timeline

  • Added to KEVIntel

  • CVE ID Reserved

  • CVE Published to Public