ReportizFlow
Filtered by vendor Divi Engine
Subscriptions
Filtered by product Divi Form Builder
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5118 | 2 Divi Engine, Wordpress | 2 Divi Form Builder, Wordpress | 2026-05-22 | 9.8 Critical |
| The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured default_user_role setting. This makes it possible for unauthenticated attackers to create administrator accounts by tampering with the role parameter during registration. | ||||
Page 1 of 1.