Enjoy priority support and immediate help for your WordPress sites!

WP Security: 3 theme vulnerabilities in NOV 2018

WP Security: 3 theme vulnerabilities in NOV 2018

WP Security bulletin - NOVEMBER 2018

At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 3 vulnerabilities in WordPress themes identified and reported publicly during. As these vulnerabilities are disclosed, when you use one (or more) of these outdated plugins - your risking serious WordPress breaches to your site(s).

We withhold public disclosure from the beginning of December 2018, to avoid any unwanted attention during holidays.


  • Divi Builder
    • Authenticated Stored Cross-Site Scripting (XSS) reported by Ryan Dewhurst (dewhurstsecurity.com). A privilege escalation vulnerability was discovered that could allow low-level users, such as Authors, to use unfiltered HTML inside of post content when using the Divi Builder. Using such code in posts is typically reserved for admins.
    • Affected Elegant Themes: Divi, Extra and their APIs.
      • WP Security recommendation: immediately upgrade to version 2.17.3 to fix the vulnerability

Our only security is our ability to change. ~ John Lilly

Summary
WP Security: 3 theme vulnerabilities in NOV 2018
Article Name
Description
At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 3 vulnerabilities in WordPress themes identified and reported publicly during. As these vulnerabilities are disclosed, when you use one (or more) of these outdated plugins - your risking serious WordPress breaches to your site(s).
Author
Publisher
owl power EUROPE
https://owlpower.eu/wp-content/uploads/2016/03/logo-owl-power-square-e1467623463429.jpg

Related Posts

Leave a comment