Elegant Themes introduced that a number of of their merchandise contained a code injection vulnerability and ought to be up to date instantly. The vulnerability permits an untrustworthy person to execute PHP features.
Divi is a well-liked WordPress theme that’s extensively used around the globe. It’s vital that publishers replace their theme and two different Elegant Themes merchandise instantly.
Elegant Themes Announcement
The official announcement detailed that the vulnerability was found in the course of the course of a routine audit.
This is how they described the invention:
“A code injection vulnerability was discovered by our team during a routine code audit that could allow logged in contributors, authors and editors to execute a small set of PHP functions.”
Elegant Themes Products with Vulnerability
Three merchandise from Elegant Themes had been found to comprise a vulnerability. The merchandise are the favored Divi theme, Extra theme and the Divi Builder plugin.
What is the Divi, Extra and Builder Vulnerability?
The vulnerability is a code injection selection. It permits contributors who’re logged in to execute a restricted set of PHP features.
In common, a code injection assault permits a hacker to execute instructions that may then compromise the web site and generally even the whole server. In common, a code injection vulnerability can permit a malicious person to put in malware on an internet site.
This vulnerability impacts Elegant Theme publishers utilizing Divi three.23 and better, Extra 2.23 and better or Divi Builder 2.23 and better who’ve granted publishing credentials to contributors.
How to Protect Against Divi Vulnerability
Updating to the newest variations of Divi, Extra and the Divi Builder plugin (variations four.zero.10) will defend you from this vulnerability.
While this vulnerability might not have an effect on customers who do not need third occasion contributors, authors and editors, it’s nonetheless worthwhile to replace your Divi theme as a result of there are quite a few bug fixes that accompany this replace.
Read the official Divi theme change log right here.
Read the Elegant Themes Extra Theme changelog.
Read the Elegant Themes Builder changelog.
Read the archive of the e-mail announcement right here.