Divi Builder by Elegant Themes is one of the most popular WordPress page builders. It allows users to build beautiful WordPress pages without writing a single line of code. At the time of writing, there are over 600,000 websites using Divi Builder, and most of them are powered by either the Divi Theme or the Extra Theme.
On 2nd January 2020, critical vulnerabilities were found in all three popular products: the Divi Builder Plugin, the Divi Theme and the Extra Theme. It is important to understand that this vulnerability can be exploited and could potentially damage your website.
We recommend that you take immediate steps to fix the security vulnerability, which we will show you in this article.
During a routine security audit, the Elegant Themes team discovered a type of vulnerability called a code injection vulnerability. It allows user roles such as contributors, authors, and editors to execute certain PHP functions.
The vulnerability can be exploited by untrustworthy users. If you are affected by the vulnerability, you need to take immediate action.
Website owners who are running the following versions are affected by the vulnerability:
To find out which version you are using on your website, you can use this method.
Take a look at the image below to further understand the method.
The easiest way is to update the plugin and the theme to fix the vulnerability issue.
Upon discovery of the vulnerability, the team behind Elegant Themes released a patch in the form of an update.
You need to update Divi-related plugins or themes through your WordPress dashboard.
Here's how it is done.
On the Updates page, you can see all the themes and plugins that you need to update.
The plugin and themes will be updated to version 4.0.10, which contains the security patch.
Due to the seriousness of the Divi vulnerability, you can now update your Divi themes or plugins through your WordPress dashboard.
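To confirm from the server that the update took effect, the Python script below reads the Version header of each Divi product and compares it with 4.0.10, the patched version named above. It is an added example, not code from Elegant Themes or the original article, and it assumes the default folder names Divi, Extra and divi-builder under wp-content.

```python
import re
import sys
from pathlib import Path

FIXED = (4, 0, 10)  # release that contains the security patch, per the article

# Assumption: default install locations relative to the WordPress root.
TARGETS = {
    "Divi Theme": "wp-content/themes/Divi/style.css",
    "Extra Theme": "wp-content/themes/Extra/style.css",
    "Divi Builder Plugin": "wp-content/plugins/divi-builder/divi-builder.php",
}

# WordPress keeps the version in a "Version:" line of the file's header comment.
HEADER = re.compile(r"^[ \t/*#@]*Version:[ \t]*([^\r\n]*)", re.I | re.M)


def read_version(path):
    """Return the Version header as a tuple of ints, or None if it is absent."""
    head = Path(path).read_bytes()[:8192].decode("utf-8", "replace")
    match = HEADER.search(head)
    nums = re.findall(r"\d+", match.group(1)) if match else []
    return tuple(int(n) for n in nums) or None


def is_patched(version, fixed=FIXED):
    """Compare numerically, so that 4.0.10 is correctly newer than 4.0.9."""
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(fixed)


def audit(wp_root):
    """Map each installed product to 'patched', 'needs update' or 'unknown'."""
    report = {}
    for name, rel in TARGETS.items():
        path = Path(wp_root) / rel
        if not path.is_file():
            continue  # product is not installed on this site
        version = read_version(path)
        if version is None:
            report[name] = "unknown"
        else:
            report[name] = "patched" if is_patched(version) else "needs update"
    return report


if __name__ == "__main__":
    for name, status in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{name}: {status}")
```

Run it with the path to the WordPress root as the only argument; any product reported as "needs update" is still older than 4.0.10.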
Here's the thing. Hackers are always on the lookout for vulnerabilities that they can exploit to carry out their misdeeds.
Here are some of the ways to tell that your WordPress website has been hacked.
We are sorry that your WordPress website was hacked. Here are simple steps you can take to remove malware and fix a hacked WordPress website.
Last but not least, it is important to ensure that your Divi websites are safe. Using strong passwords and making sure everything is updated are the two most important parts of avoiding any vulnerabilities.