A vulnerability was found in Divi Engine Divi Form Builder Plugin up to 5.1.2 on WordPress. It has been classified as critical . Affected by this vulnerability is the function default_user_role of the component Setting Handler . Performing a manipulation of the argument role results in improper privilege management. This vulnerability was named CVE-2026-5118 . The attack may be initiated remotely. There is no available exploit.