{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/divi-torque-lite-plugin-for-wordpress--4.2.3/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-4275"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Divi Torque Lite plugin for WordPress (\u003c 4.2.3)"],"_cs_severities":["high"],"_cs_tags":["web","vulnerability","wordpress","csrf","cve"],"_cs_type":"advisory","_cs_vendors":["Elegant Themes"],"content_html":"\u003cp\u003eA critical Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2026-4275, has been identified in the Divi Torque Lite - Divi Theme, Divi Builder \u0026amp; Extra Theme plugin for WordPress, affecting all versions up to and including 4.2.3. This flaw stems from the plugin's use of \u003ccode\u003e__return_true\u003c/code\u003e as the \u003ccode\u003epermission_callback\u003c/code\u003e for the \u003ccode\u003e/install_plugin\u003c/code\u003e and \u003ccode\u003e/activate_plugin\u003c/code\u003e REST API endpoints, effectively bypassing WordPress's native REST API nonce verification. While the endpoints contain internal \u003ccode\u003ecurrent_user_can()\u003c/code\u003e checks, the lack of nonce protection means that a malicious cross-site request originating from a logged-in administrator's browser will pass authentication through existing session cookies. This vulnerability empowers unauthenticated attackers to remotely install arbitrary plugins from the WordPress repository, paving the way for potential remote code execution, website defacement, or complete site compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious web page containing a CSRF payload targeting the Divi Torque Lite plugin's REST API endpoints for plugin installation.\u003c/li\u003e\n\u003cli\u003eThe malicious payload includes a forged HTTP \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003e[WordPress_URL]/wp-json/divi-torque-lite/v1/install_plugin\u003c/code\u003e or \u003ccode\u003e/activate_plugin\u003c/code\u003e, specifying an arbitrary plugin from the WordPress repository.\u003c/li\u003e\n\u003cli\u003eThe attacker employs social engineering tactics to lure a logged-in WordPress administrator into visiting the malicious web page.\u003c/li\u003e\n\u003cli\u003eThe administrator's browser, holding valid session cookies for the targeted WordPress site, automatically sends the forged \u003ccode\u003ePOST\u003c/code\u003e request to the vulnerable WordPress instance.\u003c/li\u003e\n\u003cli\u003eThe Divi Torque Lite plugin's REST API endpoint receives the request but bypasses nonce verification due to the misconfigured \u003ccode\u003e__return_true\u003c/code\u003e \u003ccode\u003epermission_callback\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecurrent_user_can()\u003c/code\u003e capability check passes because the request is sent with the administrator's active session context.\u003c/li\u003e\n\u003cli\u003eThe vulnerable plugin processes the request and proceeds to install or activate the attacker-specified malicious plugin from the WordPress repository.\u003c/li\u003e\n\u003cli\u003eThe attacker then leverages the newly installed or activated plugin, potentially exploiting known vulnerabilities within it or using it to achieve remote code execution, elevate privileges, or gain persistent access to the WordPress site.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-4275 allows unauthenticated attackers to install arbitrary plugins on affected WordPress sites. This can lead to severe consequences, including remote code execution, privilege escalation, data manipulation, website defacement, and full administrative control over the WordPress instance. The vulnerability carries a CVSS v3.1 Base Score of 8.8 (High), indicating its critical potential for widespread damage. Organizations relying on the Divi Torque Lite plugin face a significant risk of compromise, potentially affecting their data integrity, availability, and user trust.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-4275 immediately by updating the Divi Torque Lite - Divi Theme, Divi Builder \u0026amp; Extra Theme plugin to a version beyond 4.2.3 as soon as a fix is released by the vendor.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detect CVE-2026-4275 Exploitation - Divi Torque Lite CSRF\u0026quot; to your SIEM solution and tune for your environment to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for HTTP POST requests to \u003ccode\u003e/wp-json/divi-torque-lite/v1/install_plugin\u003c/code\u003e or \u003ccode\u003e/wp-json/divi-torque-lite/v1/activate_plugin\u003c/code\u003e that result in a successful status code, especially from unusual \u003ccode\u003eReferer\u003c/code\u003e headers or sources.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-09T11:20:15Z","date_published":"2026-07-09T11:20:15Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-4275-divi-torque-lite-csrf/","summary":"The Divi Torque Lite plugin for WordPress, in versions up to 4.2.3, is vulnerable to Cross-Site Request Forgery (CVE-2026-4275), allowing an unauthenticated attacker to exploit inadequate nonce verification on the /install_plugin and /activate_plugin REST API endpoints to install arbitrary WordPress plugins, potentially leading to remote code execution or further system compromise.","title":"CVE-2026-4275 - The Divi Torque Lite - Divi Theme, Divi Builder \u0026 Extra Theme plugin for WordPress is vulnerable to CSRF","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-4275-divi-torque-lite-csrf/"}],"language":"en","title":"CraftedSignal Threat Feed - Divi Torque Lite Plugin for WordPress (\u003c 4.2.3)","version":"https://jsonfeed.org/version/1.1"}