Elegant Themes Security Update
Today our Divi, Extra and Divi Builder products were updated to improve overall security and to fix security issues identified by our team and an independent security researcher during a scheduled internal code audit. Updating these products to their latest versions will apply the patch, keeping your website secure.
A privilege escalation vulnerability was discovered that could allow low level users, such as Authors, to use unfiltered HTML inside of post content when using the Divi Builder. Using such code in posts is typically reserved for admins.
Are You Affected?
The problems identified affect all websites using the Divi theme, Extra theme or the Divi Builder plugin. Specifically it affects these websites that also have open user registration or low level post authors.
How To Fix It
Updating your themes and plugins will patch the bugs and improve the security of your website. You can update your themes or plugin from within your WordPress dashboard, or you can download the latest versions from the members area and update them manually.
Has Your Account Expired?
We are making these updates available for free to all expired accounts. Even if your account has expired, you can still update your themes or plugins to their latest versions via your WordPress dashboard. Expired accounts will not be restricted from updating.
We Are Here To Help
Security is extremely important to us and we take a number of precautions to help mitigate issues like this. We will continue to work hard to prevent similar mistakes from happening in the future.
If you have any questions or concerns, please know that our virtual doors are always open. If there is anything we can do to help, just let us know.