• Thursday, February 18, 2016

It has just been announced that Elegant Themes have discovered serious security vulnerabilities in a number of their plugins and themes.

The affected themes and plugins are:

  • Divi < v2.6.4
  • Divi Legacy < v2.3.4
  • Divi Builder < v1.2.4
  • Extra < v1.2.4
  • Bloom < v1.1.1
  • Monarch < v1.2.7

If you have any of the listed themes or plugins installed and the version number is lower than the one shown above, your website is vulnerable to this issue.

Updated versions of the affected plugins and themes are now available from Elegant Themes. If you are a registered user, you should have received an email regarding these issues.

If you use any of the listed themes or plugins, we strongly recommend that you install the updates immediately. You can download the updates from the Elegant Themes members area, or you can use the Elegant Themes Updater plugin (instructions for installation and authorisation are here).

Elegant Themes have so far handled this problem very well: patched versions are already available, and they have also released a plugin that can be used, as an interim measure only, while you prepare to update your actual themes and/or plugins.

We have already scanned our systems for any instances of the affected themes and plugins and, where found, we have installed and activated the Elegant Themes Security patcher plugin.
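A version check of the kind described above, as an added example (not Elegant Themes' code and not the tooling used for the scan mentioned here): it reads the `Version:` header from a theme's style.css or a plugin's main file and compares it numerically against the fixed versions listed in this post. The inventory, site names and header texts are constructed samples, and deciding which install counts as "Divi Legacy" is left to the caller.

```python
import re

# Fixed versions as listed in this post; anything lower is affected.
FIXED = {
    "Divi": "2.6.4",
    "Divi Legacy": "2.3.4",
    "Divi Builder": "1.2.4",
    "Extra": "1.2.4",
    "Bloom": "1.1.1",
    "Monarch": "1.2.7",
}

# Matches the "Version:" line of a WordPress theme or plugin file header.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*v?([0-9]+(?:\.[0-9]+)*)", re.I | re.M)


def header_version(text):
    """Return the Version value from a style.css or plugin header, or None."""
    m = VERSION_RE.search(text)
    return m.group(1) if m else None


def as_tuple(version):
    # Compare numerically: as plain strings, "2.10" would sort below "2.6.4".
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # so that 1.2.4.0 compares equal to 1.2.4
    return tuple(parts)


def is_affected(product, version):
    return as_tuple(version) < as_tuple(FIXED[product])


def scan(inventory):
    """inventory: iterable of (site, product, header_text) -> list of findings."""
    findings = []
    for site, product, text in inventory:
        if product not in FIXED:
            continue
        version = header_version(text)
        if version is None:
            findings.append((site, product, "unknown"))  # unreadable: review by hand
        elif is_affected(product, version):
            findings.append((site, product, version))
    return findings
```

An install whose header cannot be read is reported as "unknown" rather than skipped, so it is checked by hand instead of being assumed safe.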

What happens next?

Now that all our users' sites have been (temporarily) patched for this issue, we will begin the process of updating the actual themes and plugins affected. Due to the way that Elegant Themes manage their updates, this is not as simple as we might like it to be. We will install updates where possible, and in cases where there are some complications (such as edited versions of themes), we will be in contact with the site owners and work with them directly to resolve the issues.

If you have any questions or concerns regarding this issue, please open a support ticket.