Vulnerability CVE-2024-4490
Published: 2024-05-14

Description:
The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ??title?? parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

 References:
https://www.wordfence.com/threat-intel/vulnerabilities/id/efac70f6-d959-41f7-bdef-d554f1c9133e?source=cve
https://www.elegantthemes.com
https://www.elegantthemes.com/api/changelog/divi.txt
Copyright 2026, cxsecurity.com

 

Back to Top