Enjoy priority support and immediate help for your WordPress sites!

WP Security: 3 theme vulnerabilities in NOV 2018

WP Security: 3 theme vulnerabilities in NOV 2018

WP Security bulletin – NOVEMBER 2018

At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 3 vulnerabilities in WordPress themes identified and reported publicly during. As these vulnerabilities are disclosed, when you use one (or more) of these outdated plugins – your risking serious WordPress breaches to your site(s).

We withhold public disclosure from the beginning of December 2018, to avoid any unwanted attention during holidays.


  • Divi Builder
    • Authenticated Stored Cross-Site Scripting (XSS) reported by Ryan Dewhurst (dewhurstsecurity.com). A privilege escalation vulnerability was discovered that could allow low-level users, such as Authors, to use unfiltered HTML inside of post content when using the Divi Builder. Using such code in posts is typically reserved for admins.
    • Affected Elegant Themes: Divi, Extra and their APIs.
      • WP Security recommendation: immediately upgrade to version 2.17.3 to fix the vulnerability

Our only security is our ability to change. ~ John Lilly

Summary
WP Security: 3 theme vulnerabilities in NOV 2018
Article Name
Description
At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 3 vulnerabilities in WordPress themes identified and reported publicly during. As these vulnerabilities are disclosed, when you use one (or more) of these outdated plugins - your risking serious WordPress breaches to your site(s).
Author
Publisher
owl power EUROPE

Related Posts

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.