WP-Safety

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Security & Risk Analysis

wordpress.org/plugins/supreme-modules-for-divi

Divi Supreme lite plugin enhances the experience and features found on Divi and extend with custom creative modules to help you build amazing websites …

200K active installs v2.5.63 PHP 7.4+ WP 4.5+ Updated Dec 19, 2025
dividivi-builderdivi-moduledivi-page-builderdivi-theme
95
A · Safe
CVEs total3
Unpatched0
Last CVEJan 15, 2026
Plugin page Download
Safety Verdict

Is Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Safe to Use in 2026?

Generally Safe

Score 95/100

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Jan 15, 2026Updated 5mo ago
Risk Assessment

The static analysis of "supreme-modules-for-divi" v2.5.63 reveals a generally strong security posture with some notable strengths. The plugin exhibits good practices by having no raw SQL queries (all use prepared statements), a high percentage of properly escaped output, and all identified AJAX handlers include nonce and capability checks. The absence of shortcodes, cron events, and REST API routes further limits the potential attack surface. However, the vulnerability history is a significant concern. With three known CVEs, including one high and two medium severity vulnerabilities, and a recent vulnerability reported in 2026, this indicates a pattern of past security weaknesses that have required patching. While there are currently no unpatched vulnerabilities, the recurrence of issues like "Unrestricted Upload of File with Dangerous Type" and "Cross-site Scripting" suggests potential ongoing challenges in secure coding practices for certain features.

In conclusion, while the current version shows improvements in common security implementations like input validation and authorization checks, the historical pattern of vulnerabilities necessitates caution. The past issues, particularly those related to file uploads and XSS, highlight areas that require continuous scrutiny. The plugin demonstrates strengths in its current implementation's defense mechanisms, but the historical record points to a need for robust ongoing security auditing and development to prevent future exploitable flaws. Users should remain vigilant and ensure timely updates, as the history suggests a potential for future discoveries.

Key Concerns

  • Vulnerability history: High severity CVEs
  • Vulnerability history: Medium severity CVEs
  • Vulnerability history: Recent vulnerability (2026)
  • High percentage of unescaped output (10%)
Vulnerabilities
3 published

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
1
Medium
2

3 total CVEs

CVE-2025-13062high · 8.8Unrestricted Upload of File with Dangerous Type

Supreme Modules Lite <= 2.5.62 - Authenticated (Author+) Arbitrary File Upload via JSON Upload Bypass

Jan 15, 2026 Patched in 2.5.63 (1d)
CVE-2024-5501medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.51 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 31, 2024 Patched in 2.5.52 (1d)
CVE-2024-4334medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting

May 1, 2024 Patched in 2.5.4 (2d)
Version History

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Release Timeline

v2.5.63Current6 files changed
v2.5.621 CVE36 files changed
CVE-2025-13062
v2.5.611 CVE5 files changed
CVE-2025-13062
v2.5.601 CVE6 files changed
CVE-2025-13062
v2.5.591 CVE7 files changed
CVE-2025-13062
v2.5.581 CVE3 files changed
CVE-2025-13062
v2.5.571 CVE5 files changed
CVE-2025-13062
v2.5.561 CVE3 files changed
CVE-2025-13062
v2.5.551 CVE3 files changed
CVE-2025-13062
v2.5.541 CVE2 files changed
CVE-2025-13062
v2.5.531 CVE4 files changed
CVE-2025-13062
v2.5.521 CVE3 files changed
CVE-2025-13062
v2.5.512 CVEs3 files changed
CVE-2025-13062 CVE-2024-5501
v2.5.52 CVEs3 files changed
CVE-2025-13062 CVE-2024-5501
v2.5.42 CVEs92 files changed
CVE-2025-13062 CVE-2024-5501
v2.5.33 CVEs5 files changed
CVE-2024-4334 CVE-2025-13062 CVE-2024-5501
v2.5.23 CVEs3 files changed
CVE-2024-4334 CVE-2025-13062 CVE-2024-5501
v2.5.13 CVEs29 files changed
CVE-2024-4334 CVE-2025-13062 CVE-2024-5501
v2.5.03 CVEs106 files changed
CVE-2024-4334 CVE-2025-13062 CVE-2024-5501
v2.4.23 CVEs
CVE-2024-4334 CVE-2025-13062 CVE-2024-5501
Code Analysis
Analyzed Mar 16, 2026

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
73
658 escaped
Nonce Checks
4
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

90% escaped731 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
dsm_load_cf7_library (includes\class-dsm-supreme-modules-for-divi.php:987)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

noprivwp_ajax_dsm_load_cf7_libraryincludes\class-dsm-supreme-modules-for-divi.php:235
authwp_ajax_dsm_load_cf7_libraryincludes\class-dsm-supreme-modules-for-divi.php:236
noprivwp_ajax_dsm_load_caldera_formsincludes\class-dsm-supreme-modules-for-divi.php:248
authwp_ajax_dsm_load_caldera_formsincludes\class-dsm-supreme-modules-for-divi.php:249
WordPress Hooks 92
filterupload_mimesincludes\class-dsm-json-handler.php:45
filterwp_check_filetype_and_extincludes\class-dsm-json-handler.php:46
actionadmin_initincludes\class-dsm-supreme-modules-for-divi-review.php:60
actionadmin_initincludes\class-dsm-supreme-modules-for-divi-review.php:61
actionadmin_noticesincludes\class-dsm-supreme-modules-for-divi-review.php:139
actioninitincludes\class-dsm-supreme-modules-for-divi.php:153
actionadmin_enqueue_scriptsincludes\class-dsm-supreme-modules-for-divi.php:167
actionadmin_enqueue_scriptsincludes\class-dsm-supreme-modules-for-divi.php:168
actiondivi_extensions_initincludes\class-dsm-supreme-modules-for-divi.php:173
filteradmin_footer_textincludes\class-dsm-supreme-modules-for-divi.php:175
actionadmin_enqueue_scriptsincludes\class-dsm-supreme-modules-for-divi.php:176
filterplugin_action_links_supreme-modules-for-divi/supreme-modules-for-divi.phpincludes\class-dsm-supreme-modules-for-divi.php:189
filterplugin_action_linksincludes\class-dsm-supreme-modules-for-divi.php:190
filterplugin_row_metaincludes\class-dsm-supreme-modules-for-divi.php:191
actioninitincludes\class-dsm-supreme-modules-for-divi.php:194
actioninitincludes\class-dsm-supreme-modules-for-divi.php:197
filteret_pb_all_fields_unprocessed_et_pb_sectionincludes\class-dsm-supreme-modules-for-divi.php:215
filteret_module_shortcode_outputincludes\class-dsm-supreme-modules-for-divi.php:216
filteret_pb_all_fields_unprocessed_et_pb_rowincludes\class-dsm-supreme-modules-for-divi.php:217
filteret_module_shortcode_outputincludes\class-dsm-supreme-modules-for-divi.php:218
filtermanage_edit-et_pb_layout_columnsincludes\class-dsm-supreme-modules-for-divi.php:224
actionmanage_et_pb_layout_posts_custom_columnincludes\class-dsm-supreme-modules-for-divi.php:225
filterbody_classincludes\class-dsm-supreme-modules-for-divi.php:230
filteret_builder_load_actionsincludes\class-dsm-supreme-modules-for-divi.php:234
actionwpcf7_initincludes\class-dsm-supreme-modules-for-divi.php:239
actionwpcf7_initincludes\class-dsm-supreme-modules-for-divi.php:241
actionwpcf7_initincludes\class-dsm-supreme-modules-for-divi.php:243
filteret_builder_load_actionsincludes\class-dsm-supreme-modules-for-divi.php:247
filterscript_loader_tagincludes\class-dsm-supreme-modules-for-divi.php:252
filteret_required_module_assetsincludes\class-dsm-supreme-modules-for-divi.php:253
actionwp_enqueue_scriptsincludes\class-dsm-supreme-modules-for-divi.php:297
actionwp_enqueue_scriptsincludes\class-dsm-supreme-modules-for-divi.php:298
filterthe_contentincludes\class-dsm-supreme-modules-for-divi.php:678
filtercaldera_forms_render_field_fileincludes\class-dsm-supreme-modules-for-divi.php:1258
filtercaldera_forms_get_style_includesincludes\class-dsm-supreme-modules-for-divi.php:1286
actionadmin_initincludes\class.page-settings.php:13
actionadmin_menuincludes\class.page-settings.php:14
actionadmin_enqueue_scriptsincludes\class.settings-api.php:21
filteret_global_assets_listincludes\modules\Badges\Badges.php:267
filteret_late_global_assets_listincludes\modules\Badges\Badges.php:268
filteret_global_assets_listincludes\modules\BeforeAfterImage\BeforeAfterImage.php:970
filteret_late_global_assets_listincludes\modules\BeforeAfterImage\BeforeAfterImage.php:971
filteret_global_assets_listincludes\modules\BusinessHours\BusinessHours.php:568
filteret_late_global_assets_listincludes\modules\BusinessHours\BusinessHours.php:569
filteret_global_assets_listincludes\modules\Buttons\Buttons.php:1975
filteret_late_global_assets_listincludes\modules\Buttons\Buttons.php:1976
filteret_global_assets_listincludes\modules\Buttons\Buttons.php:1980
filteret_late_global_assets_listincludes\modules\Buttons\Buttons.php:1981
filtercaldera_forms_render_field_fileincludes\modules\CalderaForms\CalderaForms.php:1052
filtercaldera_forms_get_style_includesincludes\modules\CalderaForms\CalderaForms.php:1080
filteret_global_assets_listincludes\modules\CalderaForms\CalderaForms.php:1115
filteret_late_global_assets_listincludes\modules\CalderaForms\CalderaForms.php:1116
filteret_global_assets_listincludes\modules\ContactForm7\ContactForm7.php:574
filteret_late_global_assets_listincludes\modules\ContactForm7\ContactForm7.php:575
filteret_global_assets_listincludes\modules\EmbedGoogleMap\EmbedGoogleMap.php:130
filteret_late_global_assets_listincludes\modules\EmbedGoogleMap\EmbedGoogleMap.php:131
filteret_global_assets_listincludes\modules\EmbedTwitterTimeline\EmbedTwitterTimeline.php:222
filteret_late_global_assets_listincludes\modules\EmbedTwitterTimeline\EmbedTwitterTimeline.php:223
filteret_global_assets_listincludes\modules\FacebookSimpleComments\FacebookSimpleComments.php:166
filteret_late_global_assets_listincludes\modules\FacebookSimpleComments\FacebookSimpleComments.php:167
filteret_global_assets_listincludes\modules\FacebookSimpleFeed\FacebookSimpleFeed.php:245
filteret_late_global_assets_listincludes\modules\FacebookSimpleFeed\FacebookSimpleFeed.php:246
filteret_global_assets_listincludes\modules\FlipBoxPerk\FlipBoxPerk.php:390
filteret_late_global_assets_listincludes\modules\FlipBoxPerk\FlipBoxPerk.php:391
filteret_global_assets_listincludes\modules\FlipBoxPerkChild\FlipBoxPerkChild.php:732
filteret_global_assets_listincludes\modules\GradientText\GradientText.php:156
filteret_late_global_assets_listincludes\modules\GradientText\GradientText.php:157
filteret_global_assets_listincludes\modules\IconList\IconList.php:1106
filteret_late_global_assets_listincludes\modules\IconList\IconList.php:1107
filteret_global_assets_listincludes\modules\ImageAccordion\ImageAccordion.php:308
filteret_late_global_assets_listincludes\modules\ImageAccordion\ImageAccordion.php:309
filteret_global_assets_listincludes\modules\ImageAccordionChild\ImageAccordionChild.php:537
filteret_global_assets_listincludes\modules\Lottie\Lottie.php:338
filteret_late_global_assets_listincludes\modules\Lottie\Lottie.php:339
filternav_menu_link_attributesincludes\modules\Menu\Menu.php:592
filterwp_setup_nav_menu_itemincludes\modules\Menu\Menu.php:602
filterwalker_nav_menu_start_elincludes\modules\Menu\Menu.php:605
filteret_global_assets_listincludes\modules\Menu\Menu.php:1159
filteret_late_global_assets_listincludes\modules\Menu\Menu.php:1160
filteret_global_assets_listincludes\modules\PerspectiveImage\PerspectiveImage.php:785
filteret_late_global_assets_listincludes\modules\PerspectiveImage\PerspectiveImage.php:786
filteret_global_assets_listincludes\modules\PriceList\PriceList.php:604
filteret_late_global_assets_listincludes\modules\PriceList\PriceList.php:605
filteret_global_assets_listincludes\modules\Shapes\Shapes.php:802
filteret_late_global_assets_listincludes\modules\Shapes\Shapes.php:803
filteret_global_assets_listincludes\modules\TextDivider\TextDivider.php:341
filteret_late_global_assets_listincludes\modules\TextDivider\TextDivider.php:342
filteret_global_assets_listincludes\modules\TypingEffect\TypingEffect.php:873
filteret_late_global_assets_listincludes\modules\TypingEffect\TypingEffect.php:874
filterthe_contentincludes\templates\page-template-404.php:105
filterthe_contentincludes\templates\page-template-search.php:99
actionadmin_noticessupreme-modules-for-divi.php:101
Maintenance & Trust

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 19, 2025
PHP min version7.4
Downloads3.8M

Community Trust

Rating96/100
Number of ratings106
Active installs200K
Alternatives

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Alternatives

Shortcodes for Divi

Shortcodes for Divi

shortcodes-for-divi

A
92

Shortcodes for Divi by WP Zone Allows you to use Divi Shortcodes everywhere where text comes.

10K No CVEs
Squad Modules Lite – Advanced Divi Modules for Divi Theme, Extra Theme and Divi Builder

Squad Modules Lite – Advanced Divi Modules for Divi Theme, Extra Theme and Divi Builder

squad-modules-for-divi

A
100

The Essential Divi plugin, offering 25+ stunning free modules like Advanced Divider, Flip box, and more.

1K No CVEs
Charts for Divi – Divi Theme, Extra Theme and Divi Builder

Charts for Divi – Divi Theme, Extra Theme and Divi Builder

charts-for-divi

A
100

Elevate your website with Charts for Divi plugin, featuring custom creative modules for stunning chart creation.

70 No CVEs
LikeablePress Integration of SendFox for Divi

LikeablePress Integration of SendFox for Divi

likeablepress-sendfox-for-divi

A
85

SendFox for Divi by LikeablePress gives you full design control over your SendFox Opt-In forms. Design your forms in real time and see the results ins &hellip;

40 No CVEs
Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme

Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme

addons-for-divi

A
99

The Divi Torque plugin you install after Divi builder! Packed with 70+ stunning modules like Post Grid, Filterable Gallery, Google Reviews, and more.

50K 2 CVEs
Developer Profile

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Developer Profile

Supreme Modules

2 plugins · 202K total installs

96
trust score
Avg Security Score
94/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/supreme-modules-for-divi/public/css/dsm-et-admin.css/wp-content/plugins/supreme-modules-for-divi/admin/css/dsm-plugin.css

HTML / DOM Fingerprints

CSS Classes
dsm-et-admin
FAQ

Frequently Asked Questions about Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder