CVE-2026-1829
Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
02 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'et_pb_text' shortcode 'cvdb_content_visibility_check' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
jhorowitz · Content Visibility for Divi BuilderReferences
https://plugins.trac.wordpress.org/browser/content-visibility-for-divi-builder/tags/4.01/includes/plugin.class.php#L229https://plugins.trac.wordpress.org/changeset/3543621/content-visibility-for-divi-builderhttps://www.wordfence.com/threat-intel/vulnerabilities/id/2ea89c44-8ed0-4ab7-a049-4d1b03a898c7?source=cve