CVE-2020-35945
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.
We have discovered 1,634 live websites that are affected by CVE-2020-35945.
Affected Software
| Product | |
| Category | Wordpress Themes |
| Vulnerable Domains | 1,634 live websites (100% of Extra install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Details
- Published - Jan 1, 2021
- Updated - Aug 4, 2024
CVE References
Website Distribution by Country
Number of websites using CVE-2020-35945 United States | 557 websites |
 Germany | 148 websites |
 France | 148 websites |
 Poland | 80 websites |
 Italy | 70 websites |
 Spain | 58 websites |
 GB | 49 websites |
 Brazil | 45 websites |
 Netherlands | 42 websites |
 Russia | 36 websites |
Website Distribution by TLD
Number of websites using CVE-2020-35945| .com | 703 websites |
| .org | 101 websites |
| .fr | 64 websites |
| .pl | 62 websites |
| .com.br | 47 websites |
| .net | 46 websites |
| .it | 46 websites |
| .de | 46 websites |
| .nl | 38 websites |
| .es | 30 websites |
Websites affected by CVE-2020-35945
Top websites that are affected by CVE-2020-35945. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.com | United States | **,*** | |
| ***************.net | France | **,*** | |
| *********.***.tr |  Turkey | ***,*** | |
| **************.it | Netherlands | ***,*** | |
| *****************.com | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| ************.**.uk | GB | ***,*** | |
| ********.es | United States | ***,*** | |
| ******.fr | France | ***,*** | |
| ************.net | France | ***,*** |
FAQ
A total of 1,634 websites have been identified as vulnerable to CVE-2020-35945, based on global website indexing conducted by WebTechSurvey.
The Extra is affected by the CVE-2020-35945 vulnerability.
Extra versions up to 4.5.3 are vulnerable to CVE-2020-35945.
CVE-2020-35945 is resolved in version 4.5.3 of Extra.