PT-2024-31295 · Elegant Themes · Divi+2

Craig Smith +1 · Published 2024-05-10 · Updated 2024-05-14 · CVE-2024-4490

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Elegant Themes Divi theme, versions up to 4.25.0
Elegant Themes Extra theme, versions up to 4.25.0
Divi Page Builder plugin for WordPress, versions up to 4.25.0

Description

The issue is a DOM-based stored cross-site scripting (XSS) vulnerability caused by insufficient input sanitization and output escaping. It allows authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts into pages via the title parameter. The injected scripts execute whenever a user accesses the affected page.

Recommendations

For Elegant Themes Divi theme versions up to 4.25.0, update to a version later than 4.25.0 to resolve the issue.
For Elegant Themes Extra theme versions up to 4.25.0, update to a version later than 4.25.0 to resolve the issue.
For Divi Page Builder plugin for WordPress versions up to 4.25.0, update to a version later than 4.25.0 to resolve the issue.

As a temporary workaround, consider restricting access to the title parameter to minimize the risk of exploitation.
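The root cause named above is output without escaping: a stored title is placed into the page as markup rather than as text. The following is an added example, not code from Divi, Extra or Elegant Themes, showing the vulnerable rendering pattern beside its escaped form and a simple check a reviewer can run over rendered output. The element, function names and sample titles are assumptions constructed for this illustration.

```javascript
// Added example (not the vendor's code): rendering a user-controlled page
// title. renderTitleUnsafe() reproduces the class of defect in the advisory:
// the stored title is interpolated into markup, so any tag or inline event
// handler in it becomes live DOM once assigned via innerHTML.
// renderTitleSafe() escapes on output, so the title is always plain text.
// Element, function names and sample titles are assumptions for this example.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Escape the five characters that can break out of text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: raw title concatenated into HTML.
function renderTitleUnsafe(title) {
  return `<h1 class="entry-title">${title}</h1>`;
}

// Hardened: the title is escaped before it reaches the markup.
function renderTitleSafe(title) {
  return `<h1 class="entry-title">${escapeHtml(title)}</h1>`;
}

// Review check: does the rendered output contain a tag that was not part of
// the template? A literal "<" followed by a letter, "!" or "/" inside the
// heading means user content was interpreted as markup.
function containsForeignMarkup(html) {
  const inner = html
    .replace(/^<h1 class="entry-title">/, "")
    .replace(/<\/h1>$/, "");
  return /<[a-z!\/]/i.test(inner);
}

// Constructed sample titles: one benign (with characters that legitimately
// need escaping), one carrying markup a contributor must never get rendered.
const BENIGN_TITLE = 'Q2 report: "Tom & Jerry" <3';
const HOSTILE_TITLE = '<img src=x onerror="alert(1)">';

// Run both renderers over both titles and report which outputs carry markup.
function demo() {
  const results = {};
  for (const [name, title] of [["benign", BENIGN_TITLE], ["hostile", HOSTILE_TITLE]]) {
    results[name] = {
      unsafe: containsForeignMarkup(renderTitleUnsafe(title)),
      safe: containsForeignMarkup(renderTitleSafe(title)),
    };
  }
  return results;
}

console.log(JSON.stringify(demo(), null, 2));
```

The same principle applies on the server side in WordPress PHP: escape at the point of output with esc_html() for text nodes or esc_attr() for attribute values, and treat any path that assigns stored content to innerHTML as something to review. Expected output of demo(): the hostile title flags as markup only through the unsafe renderer; the benign title never does.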

Fix · XSS


Weakness Enumeration

Related Identifiers

CVE-2024-4490

Affected Products

Divi
Divi Page Builder
Extra