Back to search
CVE-2026-2626
Published: Mar 11, 2026
Modified: Mar 11, 2026
PUBLISHED
Description
The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the use of unserialize() on the data, this could be further exploited when combined with a PHP gadget chain to achieve PHP Object Injection
| Vendor | Product | Versions |
|---|---|---|
Unknown | divi-booster | affected 0 - < 5.0.2 |
References
https://wpscan.com/vulnerability/c8f5e821-1788-419f-a00c-cfd4306d0fa5/
exploit
vdb-entry
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now