Vendor
The Divi Form Builder plugin for WordPress versions up to 5.1.8 is vulnerable to Missing Authorization, allowing authenticated attackers with subscriber-level access to change the email and password of any user, including administrators, by exploiting improper authorization checks in the update_user() and handle_register_submission() functions, enabling complete account takeover.