CVE-2026-5118
CRITICAL: Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
Title source: CNA
Exploitation Summary
EIP tracks 4 public exploits for CVE-2026-5118. PoCs published by Yucaerin, Jenderal92, puj790201-lab.
AI-analyzed exploit summary
The repository contains a functional exploit for CVE-2026-5118, targeting Divi Form Builder <= 5.1.2. It demonstrates unauthenticated privilege escalation by injecting a 'role=administrator' parameter via the plugin's AJAX handler, leveraging a shared nonce and improper role validation.
Description
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured default_user_role setting. This makes it possible for unauthenticated attackers to create administrator accounts by tampering with the role parameter during registration.
Exploits (4)
The repository contains a functional exploit for CVE-2026-5118, targeting Divi Form Builder <= 5.1.2. It demonstrates unauthenticated privilege escalation by injecting a 'role=administrator' parameter via the plugin's AJAX handler, leveraging a shared nonce and improper role validation.
This Python 2 script exploits an unauthenticated privilege escalation vulnerability in the Divi WordPress plugin (CVE-2026-5118) by extracting a nonce and submitting a crafted multipart request to register an administrator account.
This repository contains a functional exploit for CVE-2026-5118, an unauthenticated privilege escalation vulnerability in Divi Form Builder <= 5.1.2. The exploit automates the creation of an administrator account via role injection and includes detection, parameter extraction, and verification steps.
This repository provides a detailed technical analysis of CVE-2026-5118, an unauthenticated privilege escalation vulnerability in Divi Form Builder <= 5.1.2. It includes root cause analysis, patch recommendations, and a proof-of-concept attack chain.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H