[Note: Elegant Themes released the following announcement regarding a security vulnerability update to their popular Divi theme. Feel free to contact Elegant Themes for any support issues or questions.]
Summary
Today Divi, Extra and the Divi Builder plugin were updated to fix a security vulnerability. Updating these themes and plugins to their latest versions will fix the problem and keep your website secure.
The Problem
A code injection vulnerability was discovered by our team during a routine code audit that could allow logged in contributors, authors and editors to execute a small set of PHP functions.
Are You Affected?
Every website with potentially untrustworthy contributor, author and editor users using Divi version 3.23 and above, Extra 2.23 and above or Divi Builder version 2.23 and above are affected and should update to the latest product versions. Product versions 4.0.10 include the security patch.
How To Fix It
Updating your themes and plugins will fix this problem. You can update your themes and plugins from within your WordPress dashboard, or you can download the latest versions from the members area and update them manually.
Has Your Account Expired?
We are making these updates available for free to all expired accounts. Even if your account has expired, you can still update your themes or plugins to their latest versions via your WordPress dashboard. Expired accounts will not be restricted from updating.
We Are Here To Help
Security is extremely important to us and we take a number of precautions to help mitigate issues like this. We will continue to work hard to prevent similar mistakes from happening in the future.
If you have any questions or concerns, please know that our virtual doors are always open. If there is anything we can do to help, just let us know.
Best wishes
Nick Roach, Elegant Themes, Founder & CEO
2 Jan 2020 – 2:21 PM