WordPress Divi Theme, Builder and Extra Code Injection Vulnerability

Elegant Themes announced that several of their products contained a code injection vulnerability and should be updated right away. The vulnerability allows an untrustworthy user to execute PHP functions. Three products from Elegant Themes were discovered to contain a vulnerability. The products are the popular Divi theme, Extra theme and the Divi Builder plugin.

This vulnerability affects Elegant Theme publishers using Divi 3.23 and higher, Extra 2.23 and higher or Divi Builder 2.23 and higher who have granted publishing credentials to contributors. While this vulnerability may not affect users who do not have third party contributors, authors and editors, it’s still worthwhile to update your Divi theme because there are numerous bug fixes that accompany this update.

Updating to the latest versions of Divi, Extra and the Divi Builder plugin (versions 4.0.10) will protect you from this vulnerability.