WP-Safety

ACME Divi Modules Security & Risk Analysis

wordpress.org/plugins/acme-divi-modules

Acme Divi Modules adds some free extra modules and hacks to Elegant Themes Divi Builder

400 active installs v1.3.5 PHP + WP 3.0.1+ Updated Sep 2, 2019
custom-modules-for-dividivi-change-projects-slugdivi-excerptdivi-modulesdivi-portfolio
64
C · Use Caution
CVEs total1
Unpatched1
Last CVEMar 31, 2025
Plugin page Download
Safety Verdict

Is ACME Divi Modules Safe to Use in 2026?

Use With Caution

Score 64/100

ACME Divi Modules has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Mar 31, 2025Updated 6yr ago
Risk Assessment

The 'acme-divi-modules' v1.3.5 plugin exhibits a mixed security posture. While it avoids dangerous functions and uses prepared statements for all SQL queries, significant concerns exist regarding its attack surface and output sanitization. The presence of two AJAX handlers without authentication checks is a critical oversight, opening potential avenues for unauthorized actions. Furthermore, the fact that 52% of output is not properly escaped increases the risk of cross-site scripting (XSS) vulnerabilities. The taint analysis revealing unsanitized paths, although not classified as critical or high severity in this instance, warrants attention as it indicates potential for data manipulation if exploited in conjunction with other weaknesses.

The plugin's vulnerability history, specifically the presence of one unpatched medium severity CVE related to missing authorization, reinforces the concerns identified in the static analysis. This suggests a recurring pattern of authorization issues. The last vulnerability was in March 2025, implying it might be a recent or ongoing issue. While the absence of critical or high severity CVEs is positive, the existing medium vulnerability combined with the uncovered unprotected entry points suggests a need for immediate attention to strengthen its overall security. The plugin's strengths lie in its avoidance of direct SQL injection vectors and dangerous functions, but these are overshadowed by its susceptibility to authorization bypass and potential XSS attacks due to inadequate output escaping and unprotected AJAX endpoints.

Key Concerns

  • Unprotected AJAX handlers
  • Significant unescaped output
  • Unpatched medium severity CVE
  • Unsanitized paths in taint analysis
  • No nonce checks on AJAX handlers
  • No capability checks
Vulnerabilities
1

ACME Divi Modules Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-31540medium · 4.3Missing Authorization

ACME Divi Modules <= 1.3.5 - Missing Authorization

Mar 31, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

ACME Divi Modules Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
111
118 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

Output Escaping

52% escaped229 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
get_taxonomies (admin\class-acme-divi-modules-admin.php:358)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

ACME Divi Modules Attack Surface

Entry Points6
Unprotected2

AJAX Handlers 2

authwp_ajax_abmp_get_terms_htmlincludes\class-acme-divi-modules.php:166
authwp_ajax_abmp_get_taxonomiesincludes\class-acme-divi-modules.php:167

Shortcodes 4

[et_pb_blog_acme] admin\class-acme-divi-modules-admin.php:505
[et_pb_portfolio_acme] admin\class-acme-divi-modules-admin.php:517
[et_pb_portfolio_fw_acme] admin\class-acme-divi-modules-admin.php:529
[et_pb_cta_home] admin\class-acme-divi-modules-admin.php:541
WordPress Hooks 21
actionplugins_loadedincludes\class-acme-divi-modules.php:140
actionet_builder_readyincludes\class-acme-divi-modules.php:155
actionet_builder_readyincludes\class-acme-divi-modules.php:156
actionet_builder_readyincludes\class-acme-divi-modules.php:157
actionet_builder_readyincludes\class-acme-divi-modules.php:158
actionpre_get_postsincludes\class-acme-divi-modules.php:160
actionadmin_menuincludes\class-acme-divi-modules.php:163
filteracme_debugincludes\class-acme-divi-modules.php:174
filteracme_drop_dataincludes\class-acme-divi-modules.php:175
filteracme_get_post_typesincludes\class-acme-divi-modules.php:176
filteracme_get_taxonomiesincludes\class-acme-divi-modules.php:177
filteracme_get_termsincludes\class-acme-divi-modules.php:178
filteret_builder_post_typesincludes\class-acme-divi-modules.php:181
actionadmin_initincludes\class-acme-divi-modules.php:184
actionadmin_initincludes\class-acme-divi-modules.php:185
actionadmin_initincludes\class-acme-divi-modules.php:186
actionadmin_initincludes\class-acme-divi-modules.php:187
filteret_project_posttype_rewrite_argsincludes\class-acme-divi-modules.php:189
actionwp_enqueue_scriptsincludes\class-acme-divi-modules.php:205
actionwp_enqueue_scriptsincludes\class-acme-divi-modules.php:206
actionafter_setup_themeincludes\class-acme-divi-modules.php:210
Maintenance & Trust

ACME Divi Modules Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24
Last updatedSep 2, 2019
PHP min version
Downloads20K

Community Trust

Rating82/100
Number of ratings11
Active installs400
Alternatives

ACME Divi Modules Alternatives

Simple Divi Shortcode

Simple Divi Shortcode

simple-divi-shortcode

A
100

Insert DIVI Library item inside module content or inside a php template by using a shortcode.

10K No CVEs
Eventin Addon for Divi Builder

Eventin Addon for Divi Builder

eventin-divi-addon

A
100

Eventin - Divi Builder Addons for Event Management, Event Calendar and so on...

800 No CVEs
Give – Divi Donation Modules

Give – Divi Donation Modules

give-donation-modules-for-divi

A
91

A GiveWP add-on which allows you to embed any GiveWP shortcode into your Divi-powered pages.

600 1 CVE
Squad Form Styler – Contact Form 7, Gravity Forms, WPForms, and Fluent Forms

Squad Form Styler – Contact Form 7, Gravity Forms, WPForms, and Fluent Forms

form-styler-for-divi

A
92

The Squad Forms Styler for Divi Builder allows you to style your Contact Form 7, Gravity Forms, and WPForms.

100 No CVEs
Squad Post Grid Module for Divi Theme, Extra Theme and Divi Builder

Squad Post Grid Module for Divi Theme, Extra Theme and Divi Builder

post-grid-module-for-divi

A
92

The Squad Post Grid Module for Divi Builder allows you to display your blog posts in a stylish and organized grid layout.

90 No CVEs
Developer Profile

ACME Divi Modules Developer Profile

acmemediakits

3 plugins · 430 total installs

79
trust score
Avg Security Score
78/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect ACME Divi Modules

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/acme-divi-modules/css/jquery-ui.css/wp-content/plugins/acme-divi-modules/css/acme-divi-modules-admin.css/wp-content/plugins/acme-divi-modules/js/acme-divi-modules-admin.js
Script Paths
/wp-content/plugins/acme-divi-modules/js/acme-divi-modules-admin.js
Version Parameters
acme-divi-modules/css/jquery-ui.css?ver=acme-divi-modules/css/acme-divi-modules-admin.css?ver=acme-divi-modules/js/acme-divi-modules-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
acme-divi-modules-admin
Data Attributes
data-plugin-name="acme-divi-modules"
JS Globals
ACME_DIVI_MODULES_NAME
FAQ

Frequently Asked Questions about ACME Divi Modules