Important Security Update for DIVI based Websites
Yesterday a vulnerability in DIVI by Elegant Themes was discovered. A security patch has been released for DIVI builder and DIVI themes, updating these products to their latest versions will apply the patch, keeping your WordPress website secure.
A code injection vulnerability was discovered by our team during a routine code audit that could allow logged in contributors, authors and editors to execute a small set of PHP functions.
Are You Affected?
Every WordPress website with potentially untrustworthy contributor, author and editor users using Divi version 3.23 and above, Extra 2.23 and above or Divi Builder version 2.23 and above are affected and should update to the latest product versions. Product versions 4.0.10 include the security patch.
How To Fix It
There is an available patch for this here or updating the theme and plugins will patch the bugs and improve the security of your WordPress site. If you don't currently have a WordPress SLA or Managed WordPress hosting service, then you will have to apply these updates manually. You can purchase an Elegant Themes API key at reduced rate via our Special Offers page. There is also an option for a $20 one time update for DIVI available here.
If you have any questions or concerns, please know that our virtual doors are always open. If there is anything we can do to help, just let us know.