Web Design Solutions that Empower Your Brand Tel: 941.870.5343

Summary
There is a security alert around the Divi framework used in WordPress that requires all sites to be patched on an URGENT basis. Divi has been our core development tool for the last five years so if we rebuilt your website in that time period there is a strong chance we used Divi.

You can do the patch yourself by accessing your WordPress site and taking the relevant update or we can do this for you as a service. If you want us to do that please email us and we will take care of it on an URGENT basis. Our standard procedure is to take the update, complete a quick visual check of the site, and then email our client to confirm that it is has been done.

Divi version 4.5.3 is the one that you want to be on.


Below is the extended technical write up from Divi.

Today DiviExtra and the Divi Builder plugin were updated to fix a security vulnerability. Updating these themes and plugins to their latest versions will fix the problem and keep your website secure.

The Problem

The builder lacked sufficient file type checks in the Divi Portability system, allowing for arbitrary file uploads. This is a critical security issue that could allow logged-in contributors, authors and editors with access to the builder to upload disallowed files to the server, leading to further exploit.

This vulnerability was discovered by WordFence in an internal audit and responsibly disclosed to our team, allowing us to fix the problem before it had been actively exploited.

Are You Affected?

Every website with potentially untrustworthy users that have access to the builder using Divi version 3.0 and above, Extra 2.0 and above or Divi Builder version 2.0 and above are affected and should update to the latest product versions. Product versions 4.5.3 include the security patch.

How To Fix It

Updating your themes and plugins will fix this problem. You can update your themes or plugin from within your WordPress dashboard, or you can download the latest versions from the members area and update them manually.

What If You Can’t Update Right Now?

If you are unable to update your themes/plugins right away, you can use our security patcher plugin to patch the vulnerability without updating your products. This is a free download for all customers. Installing this plugin will fix the problem, and you can continue to use the security patcher plugin until you are able to update your products to their latest versions.

Share This