CVE-2026-2626

Divi Booster < 5.0.2 - Unauthenticated PHP Object Injection

Description

The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the use of unserialize() on the data, this could be further exploited when combined with a PHP gadget chain to achieve PHP Object Injection

INFO

Published Date :

2026-03-11T06:00:10.837Z

Last Modified :

2026-03-11T06:00:10.837Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2026-2626 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2626.

URL	Resource
https://wpscan.com/vulnerability/c8f5e821-1788-419f-a00c-cfd4306d0fa5/

CVE-2026-2626

Divi Booster < 5.0.2 - Unauthenticated PHP Object Injection

Description

INFO

2026-03-11T06:00:10.837Z

2026-03-11T06:00:10.837Z

WPScan

AFFECTED PRODUCTS

REFERENCES

CVSS Vulnerability Scoring System