The developers of Divi announced on Jan 17th that All WordPress sites using Divi or the Divi builder must update their plugin or theme. it is always important to keep up with updates on any WordPress site. If you don’t then you could be at risk.
See the announcement from Divi – Elegant Themes on Jan 17th.
Today our core product framework was updated to fix an unintended information exposure within password protected post excerpts. This includes all of our WordPress themes and the Divi Builder plugin. Updating these themes and plugins to their latest versions will patch the flaw, keeping your website content secure.
WordPress allows posts (and Pages) to be password protected. When password protected posts are viewed or displayed within a post feed, post content is hidden pending password authentication. Our products did not treat these posts correctly when displaying excerpts. Post excerpts for password protected posts (and Pages) were mistakenly displayed on theme index pages and within post-based Divi Builder modules. Excerpts typically include the first ~40 words of a post unless otherwise defined. Full post content and individual post URLs were correctly protected.
Are You Affected?
This problem only affects customers who have published password protected posts and pages. Only the brief excerpts of these posts were potentially exposed within front-end website content. This does not affect WordPress admin authentication or any other password authentication on your website.
How To Fix It
Updating your themes and plugins will fix this problem. You can update your themes or plugins from within your WordPress dashboard, or you can download the latest versions from the member’s area and update them manually. This affects all Elegant Themes themes and the Divi Builder plugin. If you are using any of these products and you have published password protected posts, we recommend updating to the latest version.
What If You Can’t Update Right Now?
If you are unable to update your themes/plugins right away, you can use our security patcher plugin to patch the vulnerability without updating your products. This is a free download for all customers. Installing this plugin will fix the problem, and you can continue to use the security patcher plugin until you are able to update your products to their latest versions.
If you need this security patch then you need to contact us at immediately.
Has Your Account Expired?
We are making these updates available for free to all expired accounts. Even if your account has expired, you can still update your themes or plugins to their latest versions via your WordPress dashboard. Expired accounts will not be restricted from updating.
We Are Here To Help
Security is extremely important to us and we take a number of precautions to help mitigate issues like this. Unfortunately, something slipped through the cracks this time, but we will continue to work hard to prevent similar mistakes from happening in the future.
If you have any questions or concerns, please know that our virtual doors are always open. If there is anything we can do to help, just let us know.
More from Coffee Web Design Team
Since many of our clients do not have an Elegant Themes account, then you need to contact us so that we can make sure that your site gets updated ASAP.
To date, we still feel like the Divi theme is one of the best WordPress Themes we have used in building designs for WordPress sites. If you would like to have your own account to manage your Divi theme, then you can purchase the Divi theme membership through Coffee Web Design and we will be happy to adjust your settings in your WordPress site, so you have all the latest news and great stuff coming into Divi future versions!