There have been released updates to two themes by Elegant Themes, Divi and Extra and also to Divi Builder which is a WordPress plugin. Together these products are used on aproximately 700000 sites. The vulnerability gives authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.
Affected versions:
Divi versions between 3.0 and 4.5.2
Extra versions between 2.0 and 4.5.2
Divi Builder versions between 2.0 and 4.5.2
More information in Wordfence blog.
Wednesday, August 12, 2020
Vulnerability in Divi, Extra and Divi Builder Fixed
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment