Product
The Divi Torque Lite plugin for WordPress, in versions up to 4.2.3, is vulnerable to Cross-Site Request Forgery (CVE-2026-4275), allowing an unauthenticated attacker to exploit inadequate nonce verification on the /install_plugin and /activate_plugin REST API endpoints to install arbitrary WordPress plugins, potentially leading to remote code execution or further system compromise.