WP Security: 3 theme vulnerabilities in NOV 2018


WP Security bulletin – NOVEMBER 2018

At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 3 vulnerabilities in WordPress themes identified and reported publicly during. As these vulnerabilities are disclosed, when you use one (or more) of these outdated plugins – your risking serious WordPress breaches to your site(s).

We withhold public disclosure from the beginning of December 2018, to avoid any unwanted attention during holidays.

  • Divi Builder
    • Authenticated Stored Cross-Site Scripting (XSS) reported by Ryan Dewhurst (dewhurstsecurity.com). A privilege escalation vulnerability was discovered that could allow low-level users, such as Authors, to use unfiltered HTML inside of post content when using the Divi Builder. Using such code in posts is typically reserved for admins.
    • Affected Elegant Themes: Divi, Extra and their APIs.
      • WP Security recommendation: immediately upgrade to version 2.17.3 to fix the vulnerability

Our only security is our ability to change. ~ John Lilly

Related Posts

owl power EUROPE

error: Content is protected !!
Shopping cart
There are no products in the cart!
Continue shopping