Users of the WordPress template company, Elegant Themes, are advised to immediately patch their systems after a critical information disclosure vulnerability was discovered in the company's Divi Builder product.
“If properly exploited, it could allow registered users, regardless of role, on your WordPress installation to perform a subset of actions within the Divi Builder, including the ability to manipulate posts,” the company said in an email to its users.
The vulnerability affects several of the company's themes and plugins, including the Divi, Extra, and Divi 2.3 (legacy) themes, as well as our Divi Builder, Bloom and Monarch plugins, Elegant Themes said in the email.
Updates are available for free and all expired accounts and users are recommended to not use affected versions. The vulnerability was privately disclosed and reportedly hasn't been exploited in the wild, the company said.
