Medium 6.4
2025-07-03< 4.27.2
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library
Divi Builder
Minimum safe version
4.27.2
Update to 4.27.2 or later to address 8 fixable vulnerabilities
Affected up to4.5.2 ⚠
Medium 6.4
2024-05-10< 4.25.1
CVE-2024-4490
N/A
2018-10-30< 2.17.3
Elegant Themes (Various Versions) - Stored Cross-Site Scripting
N/A
2020-01-04≥ 2.23 and ≤ 4.0.9
Elegant Themes Divi 3.23 - 4.0.9, Divi Extra 2.23 - 4.0.9, Divi Builder 2.23 - 4.0.9 - PHP Code Injection
N/A
< 2.17.3
ElegantThemes (Divi, Extra, divi-builder) - Authenticated Stored Cross-Site Scripting (XSS)
N/A
< 4.0.10
ElegantThemes (Divi, Extra, divi-builder < 4.0.10) - Authenticated Code Injection
N/A
< 1.2.4
wpscan.com
N/A
2016-02-18< 1.2.4
WordPress Elegant Themes <= 2.6.3 - Privilege Escalation
N/A
2020-01-05< 4.0.10
WordPress Divi Builder plugin <= 4.0.9 - Authenticated Code Injection vulnerability
High 8.8
2021-01-01≥ 2.0 and ≤ 4.5.2
CVE-2020-35945