CRITICAL
Divi Engine
CVE published 2026-05-21
CVE-2026-5118
CVE-2026-5118 is a critical privilege-escalation issue in the Divi Form Builder plugin for WordPress, affecting versions up to and including 5.1.2. The core problem is that registration requests accept a user-controlled 'role' parameter from POST data without validating it against the form's configured default_user_role setting. According to the source description, this can let unauthenticated attackers c [truncated]