WordPress Divi Theme Code Injection Vulnerability

By Roger Montti


Elegant Themes announced that several of their products contained a code injection vulnerability and should be updated right away. The vulnerability allows an untrustworthy user to execute PHP functions.

Divi is a popular WordPress theme that is widely used around the world. It’s important that publishers update their theme and two other Elegant Themes products right away.

Elegant Themes Announcement

The official announcement detailed that the vulnerability was discovered during the course of a routine audit.

This is how they described the discovery:

“A code injection vulnerability was discovered by our team during a routine code audit that could allow logged in contributors, authors and editors to execute a small set of PHP functions.”

Elegant Themes Products with Vulnerability

Three products from Elegant Themes were discovered to contain a vulnerability. The products are the popular Divi theme, Extra theme and the Divi Builder plugin.

What is the Divi, Extra and Builder Vulnerability?

The vulnerability is a code injection flaw. It allows logged-in contributors to execute a limited set of PHP functions.

In general, a code injection attack allows a hacker to execute commands that can then compromise the website and sometimes even the entire server. It can also allow a malicious user to install malware on a website.

This vulnerability affects Elegant Themes publishers using Divi 3.23 and higher, Extra 2.23 and higher or Divi Builder 2.23 and higher who have granted publishing credentials to contributors.

How to Protect Against Divi Vulnerability

Updating to the latest version (4.0.10) of Divi, Extra and the Divi Builder plugin will protect you from this vulnerability.

While this vulnerability may not affect users who do not have third-party contributors, authors and editors, it’s still worthwhile to update your Divi theme because numerous bug fixes accompany this update.
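The affected ranges and the role condition described above can be checked per site with a short triage script. This is an added example, not code from Elegant Themes or the original article; the function names and status strings are hypothetical, the sample headers are constructed, and it assumes the installed version is read from the standard WordPress `Version:` file header.

```python
import re

# From the article: first affected release per product; all three fixed in 4.0.10.
FIRST_AFFECTED = {"Divi": (3, 23), "Extra": (2, 23), "Divi Builder": (2, 23)}
FIXED = (4, 0, 10)
# Roles the vendor announcement names as able to reach the flaw.
RISKY_ROLES = {"contributor", "author", "editor"}


def header_version(header_text):
    """Return the 'Version:' field of a WordPress theme/plugin file header, or None."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", header_text, re.M | re.I)
    return m.group(1) if m else None


def parse_version(text):
    """'4.0.9' -> (4, 0, 9). Tuples compare numerically, so 4.0.9 < 4.0.10."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def triage(product, header_text, site_roles):
    """Classify one installed product on one site (hypothetical status strings)."""
    raw = header_version(header_text)
    if raw is None:
        return "unknown"
    version = parse_version(raw)
    if version >= FIXED:
        return "patched"
    if version < FIRST_AFFECTED[product]:
        return "below-affected-range"
    # The flaw is reachable only by logged-in contributors, authors and editors.
    exposed = RISKY_ROLES & {r.lower() for r in site_roles}
    return "affected-exposed" if exposed else "affected-update-anyway"


if __name__ == "__main__":
    # Constructed sample headers and role lists, not taken from a real site.
    samples = [
        ("Divi", "/*\nTheme Name: Divi\nVersion: 4.0.9\n*/", ["administrator", "editor"]),
        ("Extra", "/*\nTheme Name: Extra\nVersion: 2.23\n*/", ["administrator"]),
        ("Divi Builder", " * Plugin Name: Divi Builder\n * Version: 4.0.10", ["author"]),
    ]
    for product, header, roles in samples:
        print(product, header_version(header), triage(product, header, roles))
```

Comparing versions as tuples matters here: as plain strings, "4.0.9" sorts after "4.0.10", which would mark an unpatched install as fixed.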

Read the official Divi theme change log here.
Read the Elegant Themes Extra Theme changelog.
Read the Elegant Themes Builder changelog.
Read the archive of the email announcement here.



Copyright © 2019 Plolu.