8.1

Divi-Booster WordPress plugin allows unauthorized edits by anyone

CVE-2026-2626
Summary

The Divi-Booster WordPress plugin, used in some websites, has a security weakness that lets anyone make changes to certain settings without being authorized. This could allow hackers to make unwanted changes to your website. If you use this plugin, update it to version 5.0.2 or later to fix the problem.

Original title
The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing functions, allowing unauthenticated users to modify stored divi-booster WordPress plug...
Original description
The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing functions, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the use of unserialize() on the data, this could be further exploited when combined with a PHP gadget chain to achieve PHP Object Injection.
Vulnerability type
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-502 Deserialization of Untrusted Data
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026
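
The two weaknesses named in the description (no authorization or CSRF check on a settings-changing function, and unserialize() on request data) are typically closed as shown below in a WordPress AJAX handler. This is an added example, not code from the Divi-Booster plugin; every `myplugin_*` name, the `nonce` and `options` request fields and the choice of the `manage_options` capability are assumptions.

```php
<?php
// Added example; every myplugin_* name is hypothetical, not Divi-Booster code.

// True only for scalars, null, and arrays made of those (no objects at all).
function myplugin_is_plain($v): bool
{
    if (is_array($v)) {
        foreach ($v as $item) {
            if (!myplugin_is_plain($item)) { return false; }
        }
        return true;
    }
    return is_scalar($v) || $v === null;
}

// Decode an options blob without instantiating any class; null means rejected.
function myplugin_decode_options(string $raw): ?array
{
    // allowed_classes => false yields __PHP_Incomplete_Class instead of real
    // objects, so no __wakeup()/__destruct() from a gadget chain can run.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    return (is_array($data) && myplugin_is_plain($data)) ? $data : null;
}

function myplugin_save_options_handler(): void
{
    // Authorization: only users who may manage site options get past here.
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }
    // CSRF: the request must carry the nonce issued with the settings form.
    check_ajax_referer('myplugin_save_options', 'nonce');

    $raw = $_POST['options'] ?? null;
    $options = is_string($raw) ? myplugin_decode_options(wp_unslash($raw)) : null;
    if ($options === null) {
        wp_send_json_error('invalid options', 400);
    }
    update_option('myplugin_options', $options);
    wp_send_json_success();
}

if (function_exists('add_action')) {
    // Inside WordPress: logged-in hook only, no wp_ajax_nopriv_ registration.
    add_action('wp_ajax_myplugin_save_options', 'myplugin_save_options_handler');
} else {
    // Outside WordPress (php CLI): constructed inputs, one plain, one with an object.
    var_dump(myplugin_decode_options('a:1:{s:5:"color";s:3:"red";}'));
    var_dump(myplugin_decode_options('a:1:{s:1:"x";O:8:"stdClass":0:{}}'));
}
```

Where the stored format can be changed, `json_decode()` removes the object-instantiation path entirely and is preferable to a restricted `unserialize()`.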