Scroll Top

WP Security: 3 theme vulnerabilities in NOV 2018

WP SECURITY: 3 THEME VULNERABILITIES IN NOV 2018

WP Security bulletin - NOVEMBER 2018

At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 3 vulnerabilities in WordPress themes identified and reported publicly during. As these vulnerabilities are disclosed, when you use one (or more) of these outdated plugins - your risking serious WordPress breaches to your site(s).

We withhold public disclosure from the beginning of December 2018, to avoid any unwanted attention during holidays.


  • Divi Builder
    • Authenticated Stored Cross-Site Scripting (XSS) reported by Ryan Dewhurst (dewhurstsecurity.com). A privilege escalation vulnerability was discovered that could allow low-level users, such as Authors, to use unfiltered HTML inside of post content when using the Divi Builder. Using such code in posts is typically reserved for admins.
    • Affected Elegant Themes: Divi, Extra and their APIs.
      • WP Security recommendation: immediately upgrade to version 2.17.3 to fix the vulnerability

Our only security is our ability to change. ~ John Lilly

We’re passionate about helping you grow and make your impact

Continue being informed



Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes.
Weekly inspiration, news and occasional with hand-picked deals. Unsubscribe anytime.

Related Posts

owlpower.eu
×