CVE-2020-35945
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.
Date published : 2020-12-31
https://wpscan.com/vulnerability/10342
Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder