Saif

**Name of the Vulnerable Software and Affected Versions** divi-booster WordPress plugin versions prior to 5.0.2 **Description** The divi-booster WordPress plugin does not have authorization and Cross-Site Request Forgery (CSRF) checks in a specific function. This allows unauthenticated users to modify stored plugin options. The use of the `unserialize()` function on the data introduces a potential for PHP Object Injection when combined with a PHP gadget chain. **Recommendations** Update the divi-booster WordPress plugin to version 5.0.2 or later.