Test ID:	1.3.6.1.4.1.25623.1.0.112800
Category:	Web application abuses
Title:	WordPress Elegant Themes Divi Theme 3.0 <= 4.5.2 Authenticated Arbitrary File Upload Vulnerability
Summary:	The WordPress theme Divi by Elegant Themes is prone to an authenticated arbitrary file upload vulnerability.
Description:	Summary: The WordPress theme Divi by Elegant Themes is prone to an authenticated arbitrary file upload vulnerability. Vulnerability Insight: The theme uses a client-side file type verification check, but it was missing a server-side verification check. This flaw made it possible for authenticated attackers to easily bypass the JavaScript client-side check and upload malicious PHP files to a targeted website. An attacker could easily use a malicious file uploaded via this method to completely take over a site. Vulnerability Impact: This flaw gave authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server. Affected Software/OS: WordPress Divi theme by Elegant Themes versions 3.0 through 4.5.2. Solution: Update to version 4.5.3 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-35945 https://wpscan.com/vulnerability/10342 https://www.wordfence.com/blog/2020/08/critical-vulnerability-exposes-over-700000-sites-using-divi-extra-and-divi-builder/
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.