WordPress Divi Theme Code Injection Vulnerability

January 6, 2020

WordPress Divi Theme Code Injection Vulnerability

Elegant Themes reported that few of their items contained a code injection vulnerability and should be updated immediately. The vulnerability enables a dishonest user to execute PHP functions.

Divi is a famous WordPress theme that is generally used to develop websites around the world. It’s significant that publishers update their theme and two other Elegant Themes items immediately.

Elegant Themes Announcement

The official declaration points that the vulnerability was found during the span of a standard review.

This is the way they explained the discovery:

“A code injection vulnerability was discovered by our team during a routine code audit that could allow logged in contributors, authors and editors to execute a small set of PHP functions.”

Elegant Themes Products with Vulnerability

Three items from Elegant Themes were found to contain a weakness. The items are the well known Divi theme, Extra theme and the Divi Builder plugin.

What is the Divi, Extra and Builder Vulnerability?

The vulnerability is a code injection assortment. It permits contributors who are signed in to execute a limited set of PHP functions.

Generally, a code injection attack enables a hacker to execute commands that would then be able to bargain the site and sometime even the whole server. All in all, a code injection vulnerability can enable a malicious user to install malware on a site.

This vulnerability influences Elegant Theme publishers utilizing Divi 3.23 and higher, Extra 2.23 and higher or Divi Builder 2.23 and higher who have allowed publishing credentials to contributors.

Instructions to Protect Against Divi Vulnerability

Updating to the most recent versions of Divi, Extra and the Divi Builder plugin (forms 4.0.10) will shield you from this vulnerability.

While this vulnerability may not influence users who don’t have outsider contributors, creators and editors, it’s still advantageous to update your Divi theme because there are various bug fixes that go with this update.

Read the official Divi theme change log here.
Read the Elegant Themes Extra Theme changelog.
Read the Elegant Themes Builder changelog.

Still not sure which way to go. Where to start from? If you need any help, feel free to talk with us. We are more than ready to boost your online business according to the latest trends.  Email us at hi@codeledge.com or get a quote from here.

Leave a Reply

Your email address will not be published. Required fields are marked *

Translate »