CVE-2026-2626

8.1 HIGH

Published: March 11, 2026 Modified: March 11, 2026

Description

The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the use of unserialize() on the data, this could be further exploited when combined with a PHP gadget chain to achieve PHP Object Injection

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://wpscan.com/vulnerability/c8f5e821-1788-419f-a00c-cfd4306d0fa5/

Source: contact@wpscan.com

1 reference(s) from NVD

Quick Stats

CVSS v3 Score

8.1 / 10.0

EPSS (Exploit Probability)

0.0%

10th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-352 CWE-502

Related CVEs

CVE-2026-4497 7.3

CVE-2026-4496 5.3

CVE-2026-33010 8.1

CVE-2026-32710 8.5

CVE-2026-32318 7.6