Remote Code Execution Vulnerability in Content Visibility for Divi Builder WordPress Plugin
CVE-2026-1829

8.8HIGH

Key Information:

Vendor: WordPress
Status: Content Visibility For Divi Builder
Vendor: CVE Published:; 2 June 2026

What is CVE-2026-1829?

The Content Visibility for Divi Builder plugin for WordPress contains a vulnerability that allows authenticated users with Contributor-level access and higher to execute arbitrary code on the server. This issue arises due to inadequate input validation of the 'cvdb_content_visibility_check' parameter in the 'et_pb_text' shortcode, enabling potential malicious actions that could compromise the site's integrity. Users are encouraged to update to the patched versions to safeguard against this exploit.

Affected Version(s)

Content Visibility for Divi Builder 0 <= 4.02

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/content-visibi...

https://plugins.trac.wordpress.org/changeset/3543621/cont...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Feb 3, 2026

Credit

ZAST.AI

CVE-2026-1829 Data

JSON