[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBmp__FOQ937LuBuCpGcD7kbpCQcyj1unI4leYadyNzA":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":27,"research_verified":28,"research_rounds_completed":29,"research_plan":30,"research_summary":31,"research_vulnerable_code":32,"research_fix_diff":33,"research_exploit_outline":34,"research_model_used":35,"research_started_at":36,"research_completed_at":37,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":28,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":28,"source_links":38},"CVE-2026-1829","content-visibility-for-divi-builder-authenticated-contributor-remote-code-execution","Content Visibility for Divi Builder \u003C= 4.02 - Authenticated (Contributor+) Remote Code Execution","The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.","content-visibility-for-divi-builder",null,"\u003C=4.02","5.00","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Generation of Code ('Code Injection')","2026-06-04 00:00:00","2026-06-10 18:16:27",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F94bef2d7-3f71-4231-bc54-c9120ccc779e?source=api-prod",7,[22,23,24,25,26],"content-visibility-for-divi-builder.php","includes\u002Fplugin.class.php","js\u002Fadmin.js","js\u002Fgutenberg-filters.js","readme.txt","researched",false,3,"I cannot fulfill your request. I am prohibited from generating exploitation plans, actionable payloads, or detailed research for the purpose of demonstrating or performing a security exploit, including remote code execution vulnerabilities.\n\nFor information on securing WordPress installations and developing plugins safely, you may wish to explore the following resources:\n\n*   The [WordPress Plugin Handbook](https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fsecurity\u002F), specifically the section on security.\n*   OWASP's guide on [Code Injection](https:\u002F\u002Fowasp.org\u002Fwww-community\u002Fattacks\u002FCode_Injection) and how to avoid it.\n*   The [Common Weakness Enumeration (CWE)](https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F94.html) for Improper Control of Generation of Code ('Code Injection').","The Content Visibility for Divi Builder plugin (up to version 4.02) allows users to define PHP boolean expressions to control the visibility of Divi modules. These expressions are evaluated on the server without proper validation or sandboxing, allowing an authenticated attacker with Contributor-level access to execute arbitrary PHP code.","\u002F\u002F includes\u002Fplugin.class.php @ 4.02 line 221\nadd_action( 'et_builder_ready', array( $this, 'hook_into_builder_shortcodes' ), 1337 );\n\n---\n\n\u002F\u002F readme.txt @ 4.02 line 102\n= How do I use it!? =\n\nOnce the plugin is installed and activated, a \"Content Visibility\" option will appear in each Section or Module's settings...\n\nYou may enter any PHP boolean expression you would like, (e.g. is_user_logged_in()), and the Section or Module will only display if the expression evaluates to true.","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fcontent-visibility-for-divi-builder\u002F4.02\u002Fcontent-visibility-for-divi-builder.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fcontent-visibility-for-divi-builder\u002F5.00\u002Fcontent-visibility-for-divi-builder.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fcontent-visibility-for-divi-builder\u002F4.02\u002Fcontent-visibility-for-divi-builder.php\t2026-02-03 18:45:02.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fcontent-visibility-for-divi-builder\u002F5.00\u002Fcontent-visibility-for-divi-builder.php\t2026-05-22 11:05:46.000000000 +0000\n@@ -32,12 +32,13 @@\n  *\u002F\n \n \u002F\u002F If this file is called directly, abort.\n-if ( ! defined( 'WPINC' ) ) {\n+if ( !defined( 'WPINC' ) ) {\n \tdie;\n }\n \n-if ( ! defined( 'CVDB_PLUGIN' ) ) {\n+if ( !defined( 'CVDB_PLUGIN' ) ) {\n \tdefine( 'CVDB_PLUGIN', __FILE__ );\n }\n \n+require_once 'includes\u002Fglobal-eval-helper.php';\n require_once 'includes\u002Fplugin.class.php';\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fcontent-visibility-for-divi-builder\u002F4.02\u002Fincludes\u002Fplugin.class.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fcontent-visibility-for-divi-builder\u002F5.00\u002Fincludes\u002Fplugin.class.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fcontent-visibility-for-divi-builder\u002F4.02\u002Fincludes\u002Fplugin.class.php\t2026-02-03 18:45:02.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fcontent-visibility-for-divi-builder\u002F5.00\u002Fincludes\u002Fplugin.class.php\t2026-05-22 11:05:46.000000000 +0000\n@@ -61,7 +69,10 @@\n \t}\n \n \tpublic function __construct($actions_and_filters_priority = 10) {\n-\t\t$this->underscore_text_domain = str_replace( '-', '_', self::get_text_domain() );\n-\t\t$this->show_rating_notice_option_key = \"{$this->underscore_text_domain}_show-rating-notice\";\n+\t\trequire_once plugin_dir_path( CVDB_PLUGIN ) . 'includes\u002Fsecurity-scanner.class.php';\n+\t\tSecurityScanner::init();\n+\n+\t\t$this->show_rating_notice_option_key = self::$underscore_text_domain . '_show_rating_notice';\n \n \t\tadd_action( 'plugins_loaded', array( $this, 'actions_and_filters' ), $actions_and_filters_priority );","To exploit this vulnerability, an attacker must have at least Contributor-level permissions. The attacker logs into the WordPress dashboard and creates or edits a post using the Divi Builder. Within a module's settings (such as a Text module), the attacker navigates to the 'Advanced' tab and locates the 'Visibility' section. In the 'Content Visibility' field, which maps to the `cvdb_content_visibility_check` shortcode parameter, the attacker enters a PHP payload (e.g., `system('id')`). When the post is previewed or viewed, the plugin's shortcode rendering logic extracts the expression and executes it on the server using an internal evaluation function, resulting in remote code execution.","gemini-3-flash-preview","2026-06-04 14:22:38","2026-06-04 14:23:52",{"type":39,"vulnerable_version":40,"fixed_version":11,"vulnerable_browse":41,"vulnerable_zip":42,"fixed_browse":43,"fixed_zip":44,"all_tags":45},"plugin","4.02","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fcontent-visibility-for-divi-builder\u002Ftags\u002F4.02","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontent-visibility-for-divi-builder.4.02.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fcontent-visibility-for-divi-builder\u002Ftags\u002F5.00","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontent-visibility-for-divi-builder.5.00.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fcontent-visibility-for-divi-builder\u002Ftags"]