ZAST engine has identified and verified CVE-2026-1829 in Content Visibility for Divi Builder 4.01, along with one additional verified vulnerability in the same plugin.
Project page: https://wordpress.org/plugins/content-visibility-for-divi-builder/
Project footprint: 2,000+ active installations on WordPress.org.
The critical issue is a code-execution path where user-controlled visibility expressions reach eval() through multiple application features. This is a representative example of why security teams need autonomous verification: dangerous APIs alone do not define risk. Reachability, privilege boundaries, and runtime behavior do.
ZAST.AI promotes findings into reports only after successful PoC validation, which supports a zero-false-positive operating model and helps enterprise teams prioritize remediation on verified issues.
Full report: https://blog.zast.ai/vulnerability%20research/ai%20security/Auditing-Content-Visibility-for-Divi-Builder/
@wordfence @WordPress
#ApplicationSecurity #WordPressSecurity #AppSec #VulnerabilityResearch #AIForSecurity