Compliance Management, Privacy, Vulnerability Management

Elegant Themes warns users of critical vulnerability

Users of the WordPress template company, Elegant Themes, are advised to immediately patch their systems after a critical information disclosure vulnerability was discovered in the company's Divi Builder product.

“If properly exploited, it could allow registered users, regardless of role, on your WordPress installation to perform a subset of actions within the Divi Builder, including the ability to manipulate posts,” the company said in an email to its users.

The vulnerability affects several of the company's themes and plugins, including the DiviExtra, and Divi 2.3 (legacy) themes, as well as our Divi BuilderBloom and Monarch plugins, Elegant Themes said in the email.

Updates are available for free and all expired accounts and users are recommended to not use affected versions. The vulnerability was privately disclosed and reportedly hasn't been exploited in the wild, the company said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.