|Category:||Web application abuses|
|Title:||WordPress Elegant Themes Divi Theme 3.0 <= 4.5.2 Authenticated Arbitrary File Upload Vulnerability|
|Summary:||The WordPress theme Divi by Elegant Themes is prone to an authenticated arbitrary file upload vulnerability.|
The WordPress theme Divi by Elegant Themes is prone to an authenticated arbitrary file upload vulnerability.
The theme uses a client-side file type verification check, but it was missing a server-side verification check.
malicious PHP files to a targeted website.
An attacker could easily use a malicious file uploaded via this method to completely take over a site.
This flaw gave authenticated attackers, with contributor-level or above capabilities,
the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server.
WordPress Divi theme by Elegant Themes versions 3.0 through 4.5.2.
Update to version 4.5.3 or later.
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.