Elegant Themes issues security patch for Divi and Extra WordPress themes

edited June 2018 in Web Development

Elegant Themes announced yesterday that they had patched a security vulnerability in the popular Divi and Extra themes.

The Problem

According to Nick Roach from Elegant Themes...

These products contained a bug that made it possible for logged in WordPress users, regardless of their user role, to retrieve post content, including processed shortcodes, from posts that were last edited using the classic Divi Builder.

Are You Affected?

You are affected if you...

  • Use Divi or Extra as your WordPress theme.
  • Allow user registration or have plugins installed that allow for user registration.
  • Have pages built using the classic Divi Builder or have plugins installed that allow underprivileged users to publish posts.

In such cases, logged-in users may be able to retrieve the content from posts that were last edited using the classic Divi Builder and execute shortcodes within their own posts regardless of their permission level.

How To Fix It

Updating your themes and plugins will fix this problem. You can update your themes or plugins from within your WordPress dashboard, or you can download the latest versions from the members area and update them manually.

What If You Can't Update Right Now?

If you are unable to update your themes/plugins right away, you can use the security patch here.

Installing this plugin will fix the problem, and you can continue to use the security patch plugin until you are able to update your products to their latest versions.

Thexyz Customers have already been patched

If you have a Managed WordPress plan or upgraded WordPress SLA, your site has already been patched and updated. Not sure how to update your theme? Let us do it! Sign up for our WordPress SLAs right now or start a chat; we're happy to help.
