On February 21, 2016, Elegant Themes notified its customers by email, informing them of a critical security vulnerability that affects a large segment of its product line.

"An information disclosure vulnerability was found in the Divi Builder (included in our Divi and Extra themes, as well as our Divi Builder plugin) which resulted in the potential for user privilege escalation. If properly exploited, it could allow registered users, regardless of role, on your WordPress installation to perform a subset of actions within the Divi Builder, including the ability to manipulate posts."

The vulnerability was found in Divi Builder, Divi, Extra, and Divi 2.3 (legacy) themes, as well as the Boom and Monarch plugins. It has been patched by Elegant Themes with the help of a third-party security vendor.

No known exploit attempts have been made.

Updating the themes and plugins will fix the vulnerability. The patches, however were created only for the most recent versions.

Legacy theme customers have now been provided an upgrade path, including a version that doesn’t add new functionality.

Customers who do not wish to update are advised to disable registration on their sites, as untrusted users increases the possibility of privilege escalation.

Given the severity of the vulnerability, Elegant Themes is making the updates available for free to all expired accounts via its updater plugin. Any customers who have forgotten their login credentials can contact Elegant Themes directly to have the latest versions of the themes and plugins sent to them.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Did you find this article helpful?

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.