Elegant Themes Security Update

edited October 2018 in Web Development

We just received word from Elegant Themes that a security patch has been released for DIVI builder and DIVI themes. Updating these products to their latest versions will apply the patch, keeping your WordPress website secure.

The Problem

A privilege escalation vulnerability was discovered that could allow low-level users, such as Authors, to use unfiltered HTML inside post content when using the Divi Builder. Using such code in posts is typically reserved for admins. It was discovered by an independent security researcher during a scheduled internal code audit, and Elegant Themes released updates on Tuesday, October 30th to patch this vulnerability.

Are You Affected?

The problems identified affect any WordPress site using the Divi theme, Extra theme or the Divi Builder plugin. Specifically, they affect those sites that also have open user registration or low-level post authors.

How To Fix It

There is no separate patch for this; updating the theme and plugins will patch the bugs and improve the security of your WordPress site. If you don't currently have a WordPress SLA or Managed WordPress hosting service, then you will have to apply these updates manually. You can purchase an Elegant Themes API key at a reduced rate via our Special Offers page. There is also an option for a $20 one-time update for DIVI available here.
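
The "Are You Affected?" criteria can be checked from the command line. The script below is an added example, not code from Elegant Themes or from this post. It assumes WP-CLI (`wp`) is installed and run from the WordPress root, that the products use their usual install names (`Divi`, `Extra`, `divi-builder`), and it counts the Author and Contributor roles as "low-level post authors".

```shell
#!/bin/sh
# Added triage example. Assumptions: WP-CLI is available as "wp"; install
# names are Divi, Extra and divi-builder; Author + Contributor = low-level.

# Pure decision function, so the logic can be checked without WordPress.
# $1 = installed theme names, one per line (includes parents of child themes)
# $2 = installed plugin names, one per line
# $3 = value of the users_can_register option (0 or 1)
# $4 = number of low-level users who can write posts
divi_exposure() {
    themes=$1 plugins=$2 open_reg=$3 low_users=$4
    product=""
    # -x matches whole lines only, so "divi-child" alone does not count.
    printf '%s\n' "$themes"  | grep -qix 'divi'         && product="$product Divi"
    printf '%s\n' "$themes"  | grep -qix 'extra'        && product="$product Extra"
    printf '%s\n' "$plugins" | grep -qix 'divi-builder' && product="$product divi-builder"
    if [ -z "$product" ]; then
        echo "not-affected: no Divi, Extra or Divi Builder installed"
    elif [ "$open_reg" = "1" ] || [ "$low_users" -gt 0 ]; then
        echo "exposed:$product (open_registration=$open_reg low_level_users=$low_users)"
    else
        # Still vulnerable code on disk; just no low-level account to abuse it yet.
        echo "update-anyway:$product (no open registration or low-level authors)"
    fi
}

# Collect the four inputs from the live site with WP-CLI.
divi_exposure_live() {
    t=$(wp theme list --field=name) || return 1
    p=$(wp plugin list --field=name) || return 1
    r=$(wp option get users_can_register) || return 1
    a=$(wp user list --role=author --format=count) || return 1
    c=$(wp user list --role=contributor --format=count) || return 1
    divi_exposure "$t" "$p" "$r" "$((a + c))"
}

# Run the live check only when WP-CLI is present.
if command -v wp >/dev/null 2>&1; then divi_exposure_live; fi
```

The script does not compare version numbers, since this notice does not state the fixed versions; any result other than `not-affected` means the update should be applied.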
