fbpx

Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder

GET UP TO $500K IN BUSINESS FUNDING

On July 23, 2020, our Threat Intelligence team discovered a vulnerability present in two themes by Elegant Themes, Divi and Extra, as well as Divi Builder, a WordPress plugin. Combined, these products are installed on an estimated 700,000 sites. This flaw gave authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.

We initially reached out to Elegant Themes on July 23, 2020 and, after establishing an appropriate communication channel, we provided the full disclosure details on July 28, 2020. The developers responded on

BUILD A WEBSITE: RESOURCES

Pin It on Pinterest

Share This
Xiphos Web Marketing

FREE
VIEW