← back
CVE-2026-1829

Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution

CVSS 8.8 HIGHEPSS 0.7%CWE-94
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
02 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'et_pb_text' shortcode 'cvdb_content_visibility_check' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H