Volerion logoVolerion
Volerion logoVolerion

Content Visibility for Divi Builder Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in the Content Visibility for Divi Builder plugin for WordPress, affecting all versions through 4.02. The vulnerability arises from improper handling of the 'cvdb_content_visibility_check' parameter in the 'et_pb_text' shortcode. This flaw allows authenticated attackers with Contributor-level access or higher to execute arbitrary code on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the affected WordPress site is hosted.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can use the 'et_pb_text' shortcode and include a crafted 'cvdb_content_visibility_check' parameter that exploits the vulnerability. This can be done by adding the shortcode to a post or page and publishing it.

Remediation

Users are advised to update the Content Visibility for Divi Builder plugin to version 5.00 or later.

Added: Jun 2, 2026, 8:39 PM
Updated: Jun 2, 2026, 8:39 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
7.5
exploitability
5.7
remediation
0.0
relevance
9.8
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.