On February 21, 2016, Elegant Themes notified its customers by email, informing them of a critical security vulnerability that affects a large segment of its product line.
"An information disclosure vulnerability was found in the Divi Builder (included in our Divi and Extra themes, as well as our Divi Builder plugin) which resulted in the potential for user privilege escalation. If properly exploited, it could allow registered users, regardless of role, on your WordPress installation to perform a subset of actions within the Divi Builder, including the ability to manipulate posts."
The vulnerability was found in Divi Builder, Divi, Extra, and Divi 2.3 (legacy) themes, as well as the Boom and Monarch plugins. It has been patched by Elegant Themes with the help of a third-party security vendor.
No known exploit attempts have been made.
Updating the themes and plugins will fix the vulnerability. The patches, however were created only for the most recent versions.
Legacy theme customers have now been provided an upgrade path, including a version that doesn’t add new functionality.
Customers who do not wish to update are advised to disable registration on their sites, as untrusted users increases the possibility of privilege escalation.
Given the severity of the vulnerability, Elegant Themes is making the updates available for free to all expired accounts via its updater plugin. Any customers who have forgotten their login credentials can contact Elegant Themes directly to have the latest versions of the themes and plugins sent to them.
| Email: | support@WebHostingHub.com | Ticket: | Submit a Support Ticket |
|---|---|---|---|
| Call: |
877-595-4HUB (4482) 757-416-6627 (Intl.) |
Chat: | Click To Chat Now |
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!