CVE-2026-5118

Divi · Divi Form Builder

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation, allowing unauthenticated attackers to register as administrative users.

Executive summary

A critical privilege escalation vulnerability in the Divi Form Builder plugin for WordPress allows unauthenticated users to register as administrators.

Vulnerability

This is a privilege escalation flaw where the plugin fails to properly validate the 'role' parameter during user registration. Consequently, an unauthenticated attacker can manipulate this parameter to gain administrative privileges upon account creation.

Business impact

The CVSS score of 9.8 reflects the high severity of this vulnerability. Unauthorized administrative access allows attackers to gain full control over the WordPress installation, leading to data exfiltration, malicious content injection, and total site takeover, which can cause profound reputational and security damage.

Remediation

Immediate Action: Update the Divi Form Builder plugin to the latest version provided by the vendor.

Proactive Monitoring: Audit user accounts for any unauthorized administrator registrations or suspicious account activity initiated since the deployment of the plugin.

Compensating Controls: Temporarily disable user registration functionality on the WordPress site until the plugin has been updated and verified.
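As an added illustration (not code from the Divi Form Builder plugin or its vendor), the PHP below contrasts the unsafe pattern the Vulnerability section describes, a caller-supplied role passed straight into user creation, with a hardened handler that fixes the role server-side, and adds an audit helper for the Proactive Monitoring step. Function names and request field names are hypothetical; it assumes a WordPress environment.

```php
<?php
// Added example, not the plugin's code. Assumes WordPress core functions.

// Unsafe pattern (the flaw class in this advisory): the role comes from the
// request, so whoever submits the form picks their own role.
function example_register_user_unsafe( array $request ) {
    return wp_insert_user( array(
        'user_login' => sanitize_user( $request['username'] ),
        'user_email' => sanitize_email( $request['email'] ),
        'user_pass'  => $request['password'],
        'role'       => $request['role'], // attacker-controlled value
    ) );
}

// Hardened pattern: never honour a role from the request. Use the site's
// default role, or a form-configured role checked against a server-side
// allowlist that excludes privileged roles.
function example_register_user_safe( array $request, string $form_role = '' ) {
    $allowed = array( 'subscriber', 'contributor' ); // never 'administrator'
    $role    = in_array( $form_role, $allowed, true )
        ? $form_role
        : get_option( 'default_role', 'subscriber' );

    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( $request['username'] ),
        'user_email' => sanitize_email( $request['email'] ),
        'user_pass'  => $request['password'],
        'role'       => $role,
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id; // caller decides how to report the failure
    }
    return $user_id;
}

// Audit helper: administrators registered on or after $since (YYYY-MM-DD),
// e.g. the date the plugin was deployed. Review every row it returns.
function example_list_recent_admins( string $since ): array {
    return get_users( array(
        'role'       => 'administrator',
        'date_query' => array( array( 'after' => $since, 'inclusive' => true ) ),
        'fields'     => array( 'ID', 'user_login', 'user_email', 'user_registered' ),
    ) );
}
```

Run the audit helper from a site-local script or WP-CLI `eval-file` and compare the result against the list of administrators you expect to exist.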

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability represents a total loss of site integrity. Organizations using this plugin must prioritize updating to the latest version to prevent unauthorized administrative takeover and safeguard sensitive site data.