In recent weeks Elegant Themes have released an important security update to their popular themes including Divi and Extra. This critical update was due to a security vulnerability that was discovered in Elegant Themes products and also extended to their plugin suite.
An information disclosure vulnerability was found in the Divi Builder (included in our Divi and Extra themes, as well as our Divi Builder plugin) which resulted in the potential for user privilege escalation. If properly exploited, it could allow registered users, regardless of role, on your WordPress installation to perform a subset of actions within the Divi Builder, including the ability to manipulate posts.
Existing 4tify clients running any of the Elegant Themes templates and plugins have had their sites updated within hours as part of their regular site security maintenance.
Clients with Elegant Themes’ templates or plugins not hosted by 4tify are urged to update their site as soon as possible. Updates have been made available free of charge including to those with expired accounts.