Medium 6.4
2025-07-03< 4.27.2
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library
Divi
Minimum safe version
4.27.2
Update to 4.27.2 or later to address 9 fixable vulnerabilities
Affected up to4.5.2 ⚠
Medium 5.4
2024-06-18< 4.25.2
CVE-2024-5533
Medium 6.4
2024-05-10< 4.25.1
CVE-2024-4490
Medium 5.4
2024-12-27< 4.23.2
WordPress Divi Theme <= 4.23.1 is vulnerable to Cross Site Scripting (XSS)
Medium 6.5
2023-08-08< 4.20.3
CVE-2023-29099
N/A
2018-10-30< 3.17.3
Elegant Themes (Various Versions) - Stored Cross-Site Scripting
N/A
2020-01-04≥ 3.23 and ≤ 4.0.9
Elegant Themes Divi 3.23 - 4.0.9, Divi Extra 2.23 - 4.0.9, Divi Builder 2.23 - 4.0.9 - PHP Code Injection
N/A
< 2.6.4
wpscan.com
N/A
2016-02-18< 2.6.4
WordPress Elegant Themes <= 2.6.3 - Privilege Escalation
N/A
2020-01-05< 4.0.10
WordPress Divi premium theme <= 4.0.9 - Authenticated Code Injection
High 8.8
2021-01-01≥ 3.0 and ≤ 4.5.2
CVE-2020-35945