A Major WordPress Theme Announced a Security Update Today
Elegant Themes notified users that updated versions of some of their products are available that address certain security issues. The affected themes and plugins are the Divi, Extra, Bloom and Monarch themes, as well as their Divi Builder plugin. If your website uses any of these products, you should update them as soon as possible.
The issue
According to Elegant Themes:
Some cross-site request forgery checks within our core product framework could be potentially bypassed. In all cases, these checks were also hardened by user permission checks, however, user permissions checks alone are not sufficient to protect against all CSRF vectors.
How to protect yourself
Updating your theme or the Divi Builder plugin will fix this issue. If you are currently licenced you should be able to run these updates from your WordPress dashboard. You can also download the latest versions from your Elegant Themes account.
If you are unable to update right away for whatever reason, there is a security patch plugin available here: Elegant Themes Security Patcher
(Note: the above link will require that you log in to your Elegant Themes account. Once logged in, you will be able to download the patch even if your Elegant Themes account is expired.)
What if your Elegant Themes license is expired?
According to Elegant Themes:
We are making these updates available for free to all expired accounts. Even if your account has expired, you can still update your themes or plugins to their latest versions via your WordPress dashboard. Expired accounts will not be restricted from updating.
If you don’t understand any of this
Open a ticket with us, tell us the URL of your website and inquire if you are using any of the affected products. We will take a look at your account and let you know what we see there and estimate what it would cost to fix the issue. We will also see if there are any other outdated software products that you are running and make recommendations for correcting them as well.
Staying Current is Vital
The various software pieces that make up your website get updated from time to time. Many times these updates introduce new features that you may find useful. They also contain security patches. As time goes on, the authors of your software become aware of vulnerabilities in their software that they didn’t know about when it was released.
Responsible authors promptly make corrections and release those to their users. (Elegant Themes is doing this right now.) It is very important that you install and run those updates. Failure to do so could result in your website being defaced, having data stolen from it, erased, or worse.
Always remember
We are here to help you so please reach out and take advantage of that if you think you might need it.