Elegant Themes reported that few of their items contained a code injection vulnerability and should be updated immediately. The vulnerability enables a dishonest user to execute PHP functions.
Divi is a famous WordPress theme that is generally used to develop websites around the world. It’s significant that publishers update their theme and two other Elegant Themes items immediately.
The official declaration points that the vulnerability was found during the span of a standard review.
This is the way they explained the discovery:
“A code injection vulnerability was discovered by our team during a routine code audit that could allow logged in contributors, authors and editors to execute a small set of PHP functions.”
Three items from Elegant Themes were found to contain a weakness. The items are the well known Divi theme, Extra theme and the Divi Builder plugin.
The vulnerability is a code injection assortment. It permits contributors who are signed in to execute a limited set of PHP functions.
Generally, a code injection attack enables a hacker to execute commands that would then be able to bargain the site and sometime even the whole server. All in all, a code injection vulnerability can enable a malicious user to install malware on a site.
This vulnerability influences Elegant Theme publishers utilizing Divi 3.23 and higher, Extra 2.23 and higher or Divi Builder 2.23 and higher who have allowed publishing credentials to contributors.
Updating to the most recent versions of Divi, Extra and the Divi Builder plugin (forms 4.0.10) will shield you from this vulnerability.
While this vulnerability may not influence users who don’t have outsider contributors, creators and editors, it’s still advantageous to update your Divi theme because there are various bug fixes that go with this update.
Still not sure which way to go. Where to start from? If you need any help, feel free to talk with us. We are more than ready to boost your online business according to the latest trends. Email us at firstname.lastname@example.org or get a quote from here.