Security updates for Divi and other ElegantThemes products


Today, Lots of Ways GmbH, operator of wp.cool, installed a number of security updates for its hosting customers. The updates affect ElegantThemes products, including the popular Divi theme. ElegantThemes fixed a problem discovered by an independent security researcher.

Updating to the latest versions as of 12.03.2019 protects against the vulnerability. If you update your themes and plugins to the latest versions, the patch will be applied and your website will be protected.

The problem affected:

  • Divi
  • Extra
  • Bloom
  • Monarch
  • the Divi Builder Plugin

The vulnerability could possibly allow some security precautions against Cross-Site Request Forgery (CSRF) attacks to be bypassed. Although these attacks were previously blocked by user permission checks, such checks alone are not sufficient to protect against all CSRF attacks.

Cross-Site Request Forgery (CSRF) is an attack method that forces a website user to perform unwanted actions in a web application in which they are currently authenticated. CSRF attacks target state-changing requests, not data theft, because the attacker has no way of seeing the response to the forged request.
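The general pattern behind the statement that permission checks alone are not sufficient, shown as an added example for a WordPress plugin. This is not code from ElegantThemes or from the original article; the action names, the option name and the script handle are hypothetical.

```php
<?php
// Added example: hypothetical plugin code, assumed to be loaded by WordPress.

// BEFORE: permission check only. The browser of a logged-in administrator
// attaches the session cookie to every request for admin-ajax.php, whichever
// page triggered it, so current_user_can() also passes for a forged request.
add_action( 'wp_ajax_example_save_layout_weak', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $layout = sanitize_text_field( wp_unslash( $_POST['layout'] ?? '' ) );
    update_option( 'example_layout', $layout );
    wp_send_json_success();
} );

// AFTER: nonce check plus permission check. The nonce is tied to the user,
// the session and the action, and is only handed out on the site's own admin
// pages, so a request built on a third-party page cannot include a valid one.
add_action( 'wp_ajax_example_save_layout', function () {
    // Third argument false: return the result so we can send a JSON error.
    if ( ! check_ajax_referer( 'example_save_layout', 'nonce', false ) ) {
        wp_send_json_error( 'invalid nonce', 403 );
    }
    // The nonce proves where the request came from, not what the user may do.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $layout = sanitize_text_field( wp_unslash( $_POST['layout'] ?? '' ) );
    update_option( 'example_layout', $layout );
    wp_send_json_success();
} );

// Hand the nonce to the plugin's own admin script, which sends it back as
// the 'nonce' POST field together with action=example_save_layout.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script(
        'example-admin',
        plugins_url( 'admin.js', __FILE__ ),
        array( 'jquery' ),
        '1.0',
        true
    );
    wp_localize_script( 'example-admin', 'ExampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_save_layout' ),
    ) );
} );
```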

Lots of Ways hosting customers consistently benefit from lifetime updates for all ElegantThemes products. The Lots of Ways team applies ongoing security updates automatically. In addition, all websites of Lots of Ways customers are now undergoing an additional forensic malware check (server-wide and independent of the CMS solutions installed).

Anyone who learns of the vulnerability through this article and does not have a valid update license for Divi & Co. can use the Security Patcher Plugin from ElegantThemes. This also closes the vulnerability.

Bernhard worked as a tech editor for 10 years, then became a communications specialist. In 2011, he founded his own agency, Lots of Ways. He has been blogging and working with WordPress since 2006.
