Critical RCE Vulnerability in Divi Form Builder Plugin for WordPress
The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload, allowing Remote Code Execution in all versions up to 5.1.8. This vulnerability arises from insufficient file extension validation in the do_image_upload() function, enabling attackers to upload executable PHP files by bypassing .htaccess protections. Attackers can exploit this flaw without authentication if they obtain a nonce from public pages. The vulnerability has a CVSS score of 9.8, indicating critical severity. Despite a partial patch in version 5.1.3, the issue remains unaddressed in subsequent versions. Organizations, especially those using Nginx servers, are advised to update to versions beyond 5.1.8 and implement additional server-level protections. Currently, there is no evidence of proof-of-concept exploits or active exploitation in the wild.
Key Points:
• Divi Form Builder plugin versions up to 5.1.8 are vulnerable to RCE via file uploads.
• Attackers can bypass protections by using PHP-executable extensions like .phtml and .phar.
• A CVSS score of 9.8 indicates critical severity; immediate updates are recommended.
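The root cause described above is an extension check that decides what to reject rather than what to accept, so any PHP-executable extension the check forgets (.phtml, .phar) is let through, and the .htaccess rules that are supposed to stop execution do nothing on Nginx. The following is an added illustration written for this summary; it is not the Divi Form Builder plugin's code, and the function names and extension lists are constructed for the example. It places the weak deny-list pattern next to the allow-list pattern a reviewer would expect in an upload handler.

```php
<?php
// Added example, not code from the Divi Form Builder plugin.
// Function names and the extension lists below are constructed.

// WEAK PATTERN: deny-list of "bad" extensions. Any PHP-executable
// extension not on the list (here .phtml, .phar, .php7, ...) passes,
// which is the class of bypass the advisory describes.
function is_upload_allowed_denylist(string $filename): bool {
    $blocked = ['php', 'php5'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $blocked, true);
}

// HARDENED PATTERN: allow-list of image extensions, each tied to the
// MIME type the file's actual bytes must have. Returns the server-chosen
// storage name on success, or null to reject. The client-supplied name is
// never reused, so neither the extension nor the basename reaches disk.
function is_upload_allowed_allowlist(string $filename, string $tmp_path): ?string {
    $allowed = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
        'webp' => 'image/webp',
    ];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null; // anything not explicitly permitted is rejected
    }
    // Check content, not just the name: a PHP file renamed to .png must fail.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmp_path);
    if ($mime !== $allowed[$ext]) {
        return null;
    }
    // Random, server-generated name with the validated extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names to show the difference in behaviour.
$samples = ['photo.png', 'shell.php', 'shell.phtml', 'shell.phar'];
foreach ($samples as $name) {
    $weak = is_upload_allowed_denylist($name) ? 'accepted' : 'rejected';
    echo str_pad($name, 12) . " deny-list: $weak\n";
}
```

Inside a WordPress plugin the equivalent of the allow-list check is core's wp_check_filetype_and_ext(), which validates the extension against the site's permitted MIME types and inspects the file content; an upload handler that reimplements extension parsing on its own is the place to look first when reviewing for this bug class. Because Nginx ignores .htaccess entirely, the server-level protection the advisory recommends means denying PHP execution for everything under wp-content/uploads in the Nginx configuration itself, independent of any validation the plugin performs.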