Elegantthemes

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-0350 1Elegantthemes 1Carousel Maker For Divi Feb 4, 2025 Jan 25, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and incl...Show more The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2024-5533 1Elegantthemes 1Divi Apr 8, 2026 Jun 18, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...Show more The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-6744 1Elegantthemes 1Divi Apr 8, 2026 Dec 23, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on...Show more The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-29099 1Elegantthemes 1Divi Jan 28, 2026 Aug 8, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions.
CVE-2020-35945 1Elegantthemes 4Divi Divi BuilderDivi Extra+1 more Feb 4, 2026 Jan 1, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, includin...Show more An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.Show less
CVE-2016-11004 1Elegantthemes 1Monarch Nov 21, 2024 Sep 20, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.
CVE-2016-11003 1Elegantthemes 1Bloom Feb 4, 2026 Sep 20, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.
CVE-2016-11002 1Elegantthemes 1Extra Nov 21, 2024 Sep 20, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.
CVE-2015-1579 1Elegantthemes 1Divi May 6, 2026 Feb 11, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-...Show more Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.Show less